anti-debugging (=0.0.0), capcom0 (=0.1.1) +9 more potentially affected by CVE-2024-58253 via obfstr (>=0.1.1 <=0.3.0)

obfstr CARGO version =0.1.1, =0.7.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =1.0.3, =0.1.0, =0.6.0, =0.6.0, =0.11.0 Source cves: CVE-2024-58253 Source advisory: OSV:GHSA-V2P5-Q653-9J99...

BIT-MOODLE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

BIT-MOODLE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

BIT-MOODLE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVE-2025-39429

CVE-2025-39429 is a Local File Inclusion vulnerability in the WordPress plugin Széchenyi 2020 Logo (versions n/a–1.1). The weakness stems from improper filename handling in PHP Include/Require, enabling an attacker to influence file inclusion through crafted input. The provided Connected/External...

WordPress plugin Ray Enterprise Translation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2025-39592 WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through = 1.3.0...

WordPress plugin Booking and Rental Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

The vulnerability of the tls_user_config() function in the include/net/tls.h module of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the tlsuserconfig function in the include/net/tls.h module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

The vulnerability of the l3mdev_l3_out() function in the include/net/l3mdev.h module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the l3mdevl3out function in the include/net/l3mdev.h module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

PT-2025-16085

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2 EventON version 2.3.2 Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

Moodle 4.3.x < 4.3.3 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

Moodle < 4.1.10 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

DEBIAN-CVE-2025-3409

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...

CVE-2025-30596

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in tstafford include-file include-file allows Path Traversal.This issue affects include-file: from n/a through = 1...

CVE-2025-32151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15...

CVE-2025-32159 WordPress Radius Blocks plugin <= 2.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Radius Blocks radius-blocks allows PHP Local File Inclusion.This issue affects Radius Blocks: from n/a through = 2.2.1...

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-14937 · Unknown · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms versions n/a through 2.8.15 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...

CVE-2025-30596

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in tstafford include-file include-file allows Path Traversal.This issue affects include-file: from n/a through = 1...