CVE-2025-67523

CVE-2025-67523: WordPress Exhibz theme

CVE-2025-67523 WordPress Exhibz theme <= 3.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue affects Exhibz: from n/a through = 3.0.9...

CVE-2025-67523 WordPress Exhibz theme <= 3.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue affects Exhibz: from n/a through = 3.0.9...

CVE-2025-67521 WordPress Select Core plugin < 2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion.This issue affects Select Core: from n/a through 2.6...

CVE-2025-67515 WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through 3.5...

PT-2025-49891

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through 3.5...

PT-2025-49902

Name of the Vulnerable Software and Affected Versions ThimPress Sailing versions prior to 4.4.6 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

PT-2025-49905

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Opal WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

Apache HTTP Server < 2.4.66 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

OPENSUSE-SU-2025:20119-1 Security update for tcpreplay

This update for tcpreplay fixes the following issues: - update to 4.5.2: features added since 4.4.4 - fix/recalculate header checksum for ipv6-frag - IPv6 frag checksum support - AFXDP socket support - tcpreplay -w write into a pcap file - tcpreplay --fixhdrlen - --include and --exclude options -...

SUSE-SU-2025:21066-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...

[SECURITY] Fedora 42 Update: python-mkdocs-include-markdown-plugin-7.2.0-1.fc42

This package provides an Mkdocs Markdown includer plugin...

Fedora 43 : python-mkdocs-include-markdown-plugin (2025-1b1bb708af)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1b1bb708af advisory. v7.2.0 New features - Add new argument order to sort multiple inclusions. v7.1.8 Bug fixes - Escape substitution placeholders to prevent malformed...

Fedora 44 : python-mkdocs-include-markdown-plugin (2025-0ec38c29fa)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0ec38c29fa advisory. Automatic update for python-mkdocs-include-markdown-plugin-7.2.0-1.fc44. Changelog Mon Nov 24 2025 Michel Lind - 7.2.0-1 - Update to 7.2.0 - Resolves:...

CVE-2025-66115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

CVE-2025-66115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

MAL-2025-179551 Malicious code in anais-papoa-0iaia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf12c5097d8119b14a5fe2d44795ec0dae5e1af22dfd66c4e8c52306d04e93e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yabbering-brown-woodpecker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca10e2c101534a9074f3fbbcbaf0f0d248630b68710eaf22ba06990173f1ab9b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-11129 Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type'

The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Include Fussball.de Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...