Lucene search

8834 matches found

Vulnrichment
added 2025/03/11 12:0 a.m. · 5 views

CVE-2024-51319

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp...

AI score: 7.5 · EPSS: 0.0043
Exploits: 1 · References: 1

CNNVD
added 2025/03/11 12:0 a.m. · 1 view

WordPress plugin Review Schema security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS: 8.8 · AI score: 9.1 · EPSS: 0.00589
Exploits: 0 · References: 5

CVE
added 2025/03/11 12:0 a.m. · 54 views

CVE-2024-51319

CVE-2024-51319 : A local file inclusion in Zucchetti Ad Hoc Infinity 2.4’s /servlet/Report, exploited by uploading a JSP web/reverse shell through /jsp/zimg_upload.jsp, allows an authenticated attacker to achieve Remote Code Execution. The vulnerability is locally exploitable with LOW user intera...

CVSS: 7.3 · AI score: 7.3 · EPSS: 0.0043
Exploits: 1 · References: 1 · Affected Software: 1

Tenable Nessus
added 2025/03/06 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if...

CVSS: 6.3 · AI score: 5.9 · EPSS: 0.00696
Exploits: 0 · References: 2

Snyk
added 2025/03/01 6:44 a.m. · 2 views

Information Exposure

Overview: unstructured is a library that prepares raw documents for downstream ML tasks. Affected versions of this package are vulnerable to Information Exposure: when the filetype supports an include functionality, it is possible to partition arbitrary local files. This vulnerability specifical...

CVSS: 6.3 · AI score: 6.8
Exploits: 0 · References: 3

OSV
added 2025/02/28 7:45 p.m. · 0 views

GHSA-P75G-CXFJ-7WRX Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro

Summary: If untrusted user input is used to dynamically create a PebbleTemplate with the method `PebbleEngine#getLiteralTemplate`, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of...

CVSS: 7 · AI score: 6 · EPSS: 0.00782
Exploits: 1 · References: 9

ATTACKERKB
added 2025/02/27 5:15 a.m. · 1 view

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.00782
Exploits: 1 · References: 6

OSV
added 2025/02/27 5:15 a.m. · 2 views

CVE-2025-1686

All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or...

CVSS: 4.9 · AI score: 5.8 · EPSS: 0.00782
Exploits: 1 · References: 5

NVD
added 2025/02/27 5:15 a.m. · 14 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS: 6.8 · EPSS: 0.00782
Exploits: 1 · References: 6

Vulnrichment
added 2025/02/27 5:0 a.m. · 4 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.00782
Exploits: 1 · References: 5

AlpineLinux
added 2025/02/27 5:0 a.m. · 3 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.00782
Exploits: 1 · References: 6

Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-8914

Name of the Vulnerable Software and Affected Versions: io.pebbletemplates:pebble (affected versions not specified). Description: The issue allows an attacker to control file names or paths via the include tag, potentially accessing sensitive local files like /etc/passwd or /proc/1/environ by...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.00782
Exploits: 1 · References: 16

CNNVD
added 2025/02/27 12:0 a.m. · 1 view

Pebble security vulnerability

Pebble is a Java template engine open-sourced by PebbleTemplates. A security vulnerability exists in Pebble that stems from easy external control of file names or paths via include tags, which allows an elevated-privilege attacker to access sensitive local files by crafting malicious notification...

CVSS: 6.8 · AI score: 6.2 · EPSS: 0.00782
Exploits: 1 · References: 5

OSV
added 2025/02/25 3:15 p.m. · 3 views

CVE-2025-26964

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20...

CVSS: 8.8 · AI score: 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/25 12:0 a.m. · 2 views

PT-2025-7880 · Unknown · Majestic Support

Name of the Vulnerable Software and Affected Versions: Majestic Support versions 1.0.0 through 1.0.6 Description: The issue affects Majestic Support, allowing PHP Local File Inclusion due to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File...

CVSS: 8.1 · AI score: 9.8 · EPSS: 0.00739
Exploits: 0 · References: 6

Snyk
added 2025/02/24 9:40 p.m. · 2 views

External Control of File Name or Path

Overview: io.pebbletemplates:pebble is a Java templating engine inspired by Twig. Affected versions of this package are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates...

CVSS: 6.8 · AI score: 6.3 · EPSS: 0.00782
Exploits: 1 · References: 2

NVD
added 2025/02/24 9:15 p.m. · 4 views

CVE-2025-27137

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEM_CONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...

CVSS: 4.4 · EPSS: 0.00175
Exploits: 0 · References: 6

CNNVD
added 2025/02/24 12:0 a.m. · 1 view

Dependency-Track security vulnerability

Dependency-Track is an open-source intelligent supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.12.6, which stems from improper handling of include tags in the Pebb...

CVSS: 4.4 · AI score: 6.2 · EPSS: 0.00175
Exploits: 0 · References: 7

CNNVD
added 2025/02/24 12:0 a.m. · 2 views

WordPress plugin VG PostCarousel security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS: 7.5 · AI score: 8.4 · EPSS: 0.00716
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/22 12:0 a.m. · 2 views

PT-2025-7609 · Full · Full

Name of the Vulnerable Software and Affected Versions: FULL Customer versions 3.1.26 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' or PHP Local File Inclusion vulnerability...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.00537
Exploits: 0 · References: 7