8787 matches found
PT-2026-27816
Name of the Vulnerable Software and Affected Versions Elated-Themes Gaspard versions n/a through 1.3 Description A flaw exists in the handling of filenames for Include/Require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Elated-Themes Gaspard. This allows for...
PT-2026-27821
Name of the Vulnerable Software and Affected Versions Elated-Themes Lella versions n/a through 1.2 Description The software contains a flaw due to improper control of the filename for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The vulnerable...
PT-2026-27834
Name of the Vulnerable Software and Affected Versions AncoraThemes Triompher versions through 1.1.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local...
PT-2026-27835
Name of the Vulnerable Software and Affected Versions AncoraThemes Unica versions through 1.4.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, leading to a PHP Remote File Inclusion issue. This allows for PHP Local File...
PT-2026-27819
Name of the Vulnerable Software and Affected Versions AncoraThemes Hypnotherapy versions through 1.2.10 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Loc...
PT-2026-27824
Name of the Vulnerable Software and Affected Versions ThemeREX Nelson versions n/a through 1.2.0 Description A flaw exists in ThemeREX Nelson due to improper control of filename handling for include/require statements in the PHP program, leading to a PHP Local File Inclusion issue. The...
PT-2026-27980
Name of the Vulnerable Software and Affected Versions Mikado-Themes Rosebud versions through 1.4 Description A flaw exists in the handling of filenames used in include/require statements within the PHP code of Mikado-Themes Rosebud, leading to a PHP Local File Inclusion issue. This allows for the...
Support Board SQL注入漏洞
Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter calls0messageids in the file /supportboard/include/ajax.php, which may...
PT-2026-27836
Name of the Vulnerable Software and Affected Versions AncoraThemes VegaDays versions through 1.2.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local Fi...
PT-2026-28019
Name of the Vulnerable Software and Affected Versions CreativeWS Kiddy versions through 2.0.8 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...
PT-2026-28018
Name of the Vulnerable Software and Affected Versions CreativeWS VintWood versions n/a through 1.1.8 Description The software contains a flaw due to improper control of filename handling for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The affected...
PT-2026-27825
Name of the Vulnerable Software and Affected Versions ProLingua versions n/a through 1.1.12 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. The vulnerable component allows an attacker to includ...
PT-2026-27931
Name of the Vulnerable Software and Affected Versions LoveDate versions prior to 3.8.6 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program LoveDate. This can lead to a PHP Local File Inclusion issue. The issue allows for the inclusion o...
PT-2026-27829
Name of the Vulnerable Software and Affected Versions AncoraThemes Dentalux versions n/a through 3.3 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows an attacker to potentially inclu...
PT-2026-27776
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0message ids' parameter in '/supportboard/include/ajax.php' endpoint...
GHSA-X6M9-38VM-2XHF Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()
Summary TemplateContext.Reset claims that a TemplateContext can be reused safely on the same thread, but it does not clear CachedTemplates. If an application pools TemplateContext objects and uses an ITemplateLoader that resolves content per request, tenant, or user, a previously authorized inclu...
Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()
Summary TemplateContext.Reset claims that a TemplateContext can be reused safely on the same thread, but it does not clear CachedTemplates. If an application pools TemplateContext objects and uses an ITemplateLoader that resolves content per request, tenant, or user, a previously authorized inclu...
CVE-2026-30932
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...
CVE-2026-30932
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...
CVE-2026-33513
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...