CVE-2012-4919

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability...

CVE-2005-3332

PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter...

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...

CVE-2025-47576 WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme.This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...

CVE-2025-48136

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12...

CVE-2025-39507 WordPress Nasa Core Plugin <= 6.4.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through 6.4.4...

anti-debugging (=0.0.0), capcom0 (=0.1.1) +9 more potentially affected by CVE-2024-58253 via obfstr (>=0.1.1 <=0.3.0)

obfstr CARGO version =0.1.1, =0.7.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =1.0.3, =0.1.0, =0.6.0, =0.6.0, =0.11.0 Source cves: CVE-2024-58253 Source advisory: OSV:GHSA-V2P5-Q653-9J99...

BIT-MOODLE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

BIT-MOODLE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

BIT-MOODLE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVE-2025-39429

CVE-2025-39429 is a Local File Inclusion vulnerability in the WordPress plugin Széchenyi 2020 Logo (versions n/a–1.1). The weakness stems from improper filename handling in PHP Include/Require, enabling an attacker to influence file inclusion through crafted input. The provided Connected/External...

WordPress plugin Ray Enterprise Translation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2025-39592 WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through = 1.3.0...

WordPress plugin Booking and Rental Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

The vulnerability of the l3mdev_l3_out() function in the include/net/l3mdev.h module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the l3mdevl3out function in the include/net/l3mdev.h module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

The vulnerability of the tls_user_config() function in the include/net/tls.h module of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the tlsuserconfig function in the include/net/tls.h module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

PT-2025-16085

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2 EventON version 2.3.2 Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

Moodle 4.3.x < 4.3.3 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

Moodle < 4.1.10 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

DEBIAN-CVE-2025-3409

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...