PT-2026-21217

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through = 1.2.2...

PT-2026-21187

Name of the Vulnerable Software and Affected Versions ThemeREX FreightCo versions through 1.1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...

PT-2026-21218

Name of the Vulnerable Software and Affected Versions AncoraThemes Impacto Patronus versions through 1.2.3 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...

PT-2026-21097

Name of the Vulnerable Software and Affected Versions thembay Nika versions through 1.2.14 Description An issue exists in thembay Nika that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This is a PHP Remote File Inclusion issue...

PT-2026-21054

Name of the Vulnerable Software and Affected Versions thembay Besa versions prior to 2.3.16 Description An issue exists in thembay Besa related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for the inclusion of local files...

CVE-2026-27343

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

CVE-2026-27343

CVE-2026-27343 affects WordPress Airtifact theme versions

CVE-2026-27343 WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

CVE-2026-25326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...

CVE-2026-25326 WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

CVE-2026-27174

CVE-2026-27174 affects MajorDoMo. An include-order bug in modules/panel.class.php lets unauthenticated users reach the admin panel’s PHP console, with execution continuing into inc_panel_ajax.php after a redirect that lacks an exit. The console handler passes GET parameters (via register_globals)...

CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

SUSE-SU-2026:20353-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives bsc1256805...

SUSE-SU-2026:20372-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives bsc1256805...

Exploit for CVE-2025-49132

CVE-2025-49132 - Pterodactyl Panel Unauthenticated RCE...

openSUSE 16 Security Update : libxml2 (openSUSE-SU-2026:20178-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20178-1 advisory. - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directiv...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving include directives bsc1256805 Patch Instructions: To install this SUSE update use the SUSE recommended...