WordPress plugin Echo 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2025-62521

Summary: CVE-2025-62521 affects ChurchCRM before 5.21.0. A pre-authentication RCE exists in the setup wizard due to unsanitized user input in setup/routes/setup.php, which is directly concatenated into a PHP configuration template and written to Include/Config.php, then executed on every page loa...

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2025-68067

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through = 2.4.6...

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

CVE-2025-34288 Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are affected by a local privilege-escalation flaw caused by an unsafe interaction between sudo permissions and application file permissions. A maintenance script, accessible to users, may run as root via sudo and includes an application file writable by a lowe...

CVE-2025-34288 Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

EUVD-2025-203546

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through = 2.4.6...

EUVD-2025-203545

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through = 9.14.1...

EUVD-2025-203549

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through = 3.9.6...

EUVD-2025-203550

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through = 4.4.7...

EUVD-2025-203547

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through = 8.7.0...

CVE-2025-68068

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through = 9.14.1...

CVE-2025-68067

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through = 2.4.6...

CVE-2025-68061

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through = 4.4.7...

CVE-2025-68065

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LiquidThemes Hub Core allows PHP Local File Inclusion. This issue affects Hub Core: from n/a before 6.0.2...