Lucene search
K

8921 matches found

Nuclei
Nuclei
added 9 hours ago8 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References4
Nuclei
Nuclei
added 9 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
NVD
NVD
added yesterday5 views

CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

6CVSS0.00066EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday17 views

CVE-2026-46638 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

6CVSS0.00066EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-57799

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-57800

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through = 1.5...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-57802

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57801

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57791

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-57793

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57796

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through = 3.0.0...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57795

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-57792

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through = 2.4.1...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago10 views

CVE-2026-57790

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57794

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue affects Golo Framework: from n/a through = 1.7.3...

7.5CVSS0.00496EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43296

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS5.9AI score0.00242EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-57802

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-57796

CVE-2026-57796 reports an "Improp­er Control of Filename for Include/Require Statement" in the VLThemes Leedo WordPress theme. The issue allows PHP Local File Inclusion due to improper filename handling in include/require statements, and affects Leedo versions from unknown start up through v3.0.0...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-57791

CVE-2026-57791 : Affected software is the WordPress Brook theme, <= 2.9.0. The issue is an improper validation/control of filenames in PHP include/require, enabling an PHP Local File Inclusion via a crafted filename. The NVD entry cites a CVSS v3.1 base score of 7.5 (HIGH) with network attack ...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2026-57788

CVE-2026-57788 describes an improper filename control in the Edge-Themes Aalto WordPress theme (Aalto

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
Rows per page
Query Builder