CVE-2025-57925

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in immonex immonex Kickstart Team immonex-kickstart-team allows PHP Local File Inclusion.This issue affects immonex Kickstart Team: from n/a through = 1.6.9...

PT-2025-39058

Name of the Vulnerable Software and Affected Versions PenciDesign Soledad versions through 8.6.8 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

WAFTest

This repository is an offensive tool for testing web application firewalls WAFs. It contains a collection of test cases and scripts to evaluate the effectiveness of WAFs against various types of attacks. The tool includes test cases for common web application vulnerabilities such as: Command...

CVE-2025-41243

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVE-2025-9556 CVE-2025-9556

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...

LangChain Go 安全漏洞

LangChain Go is a simple framework for writing LLM-based programs in Go by the individual developer Travis Cline. A security vulnerability exists in LangChain Go version 0.1.14, which stems from support for include and extends syntax for reading files, and could lead to a server-side template...

PT-2025-37319

Name of the Vulnerable Software and Affected Versions: langchaingo affected versions not specified Description: langchaingo utilizes the gonja library version 1.5.3 to parse prompts that support jinja2 syntax. The gonja library’s support for include and extend syntax, which allows reading files,...

CVE-2025-58983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stefano Lissa Include Me include-me allows Stored XSS.This issue affects Include Me: from n/a through = 1.3.2...

CVE-2025-58215

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Ziston ziston allows PHP Local File Inclusion.This issue affects Ziston: from n/a through 1.4.5...

CVE-2025-47695

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-54709

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6...

CVE-2025-47571

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion.This issue affects Super Store Finder: from n/a through 7.8...

Linux Distros Unpatched Vulnerability : CVE-2021-20187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP...

CVE-2025-58983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stefano Lissa Include Me include-me allows Stored XSS.This issue affects Include Me: from n/a through = 1.3.2...

CVE-2025-58215

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Ziston ziston allows PHP Local File Inclusion.This issue affects Ziston: from n/a through 1.4.5...

CVE-2025-54709

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6...

WordPress Include Me Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Jihwan Moon in WordPress Plugin Include Me versions = 1.3.2...

CVE-2025-58983 WordPress Include Me Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stefano Lissa Include Me include-me allows Stored XSS.This issue affects Include Me: from n/a through = 1.3.2...

CVE-2025-58983

CVE-2025-58983 concerns the WordPress plugin Include Me (versions up to and including 1.3.2) with a Stored XSS vulnerability caused by improper input neutralization during web page generation. The issue affects Include Me and has been patched in version 1.3.2; mitigation is to update to a version...

CVE-2025-58983 WordPress Include Me Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2...