8834 matches found
CVE-2025-59940 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
mkdocs-include-markdown-plugin is a MkDocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...
aiagents4pharma (>=1.3.0 <=1.48.1), aiagents4pharma-ansh (=0.0.0) +11 more potentially affected by CVE-2025-59940 via mkdocs-include-markdown-plugin (>=3.8.1 <=7.1.7)
mkdocs-include-markdown-plugin PYPI version =3.8.1, =1.3.0, =0.7.0, =2025.9.131446, =0.5.17, =0.1.0, =0.0.4, =2023.6.1, =0.0.130, =0.1.0, =0.1.1 Source cves: CVE-2025-59940 Source advisory: OSV:GHSA-V39M-5M9J-M9W9...
Improper Neutralization of Escape Characters
Overview: mkdocs-include-markdown-plugin is a MkDocs Markdown includer plugin. Affected versions of this package are vulnerable to Improper Neutralization of Escape Characters in the placeholder substitution process. An attacker can cause unintended modifications to output or disrupt application...
GHSA-V39M-5M9J-M9W9 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact: CWE-20: Improper Input Validation, low impact. Patches: patched in v7.1.8 (commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915). Workarounds: No...
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact: CWE-20: Improper Input Validation, low impact. Patches: patched in v7.1.8 (commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915). Workarounds: No...
CVE-2025-60150
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through <= 2.0.9...
CVE-2025-60153
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through <= 1.1.5...
CVE-2025-60126
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through <= 3.5.8.6...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ucl_include_common function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function. Remediation: A fix was pushed into the master branch but not y...
CVE-2025-11010
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the...
CVE-2025-11010 vstakhov libucl ucl_util.c ucl_include_common heap-based overflow
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the...
CVE-2025-60150 WordPress Subscribe to Download plugin <= 2.0.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through <= 2.0.9...
WordPress plugin Subscribe To Unlock Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
PT-2025-39593
Name of the Vulnerable Software and Affected Versions: wpshuffle Subscribe to Download versions through 2.0.9. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion...
PT-2025-39631
Name of the Vulnerable Software and Affected Versions: libucl versions up to 0.9.2. Description: A flaw exists in the ucl_include_common function within the /src/ucl_util.c file. This can lead to a heap-based buffer overflow. Local access is needed for exploitation. The exploit details have been...
PT-2025-39573
Name of the Vulnerable Software and Affected Versions: PluginOps Testimonial Slider versions through 3.5.8.6. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized...
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay...
CVE-2025-59588
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through <= 8.6.8...