CVE-2025-59558

The CVE-2025-59558 entry concerns the WordPress Billey Theme (< 2.1.6) with a Local File Inclusion due to improper control of the filename in include/require statements, effectively a PHP Remote File Inclusion issue that allows local inclusion. Affected software is the Billey WordPress theme, ...

CVE-2025-59550

CVE-2025-59550 is a WordPress theme vulnerability in designervily Xcare (Xcare) where an improper control of the filename used by include/require enables a PHP Local File Inclusion (LFI). Affected product: WordPress theme Xcare

CVE-2025-58967 WordPress Businext theme < 2.4.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through 2.4.4...

CVE-2025-58958 WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through 1.8.5...

CVE-2025-58955 WordPress Karzo theme < 2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through 2.6...

CVE-2025-58955 WordPress Karzo theme < 2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through 2.6...

CVE-2025-49935 WordPress WoodMart theme < 8.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through 8.3.2...

CVE-2025-49921 WordPress JetReviews plugin <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through = 3.0.0...

libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode, free URI after reporting the error to avoid use-after-free...

PT-2025-43199

Name of the Vulnerable Software and Affected Versions xtemos WoodMart versions prior to 8.3.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local file...

PT-2025-43280

Name of the Vulnerable Software and Affected Versions ThemeMove Businext versions prior to 2.4.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2025-43274

Name of the Vulnerable Software and Affected Versions Karzo versions prior to 2.6 Description The software contains a flaw related to improper control of filenames used in include/require statements, potentially leading to PHP Local File Inclusion. This allows for the inclusion of local files...

WordPress plugin Medizin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin WP Abstracts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin SmilePure 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin WoodMart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-43151

Name of the Vulnerable Software and Affected Versions RadiusTheme Testimonial Slider And Showcase Pro versions through 2.1.7 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows...

JLSEC-2025-83 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to a Regular Expression Denial Of Service ReDoS. The vulnerability is due to the douseweightdecay method in the AdamWeightDecay optimizer processing user-controlled regular expressions in the includeinweightdecay and excludefromweightdecay lists, which allows an attacke...

CVE-2025-52655 HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure...