
8834 matches found

Amazon
added 2025/02/21 12:0 a.m. · 3 views

Medium: ansible-core

Issue Overview: A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in...

CVSS 5.5 · AI score 7.5 · EPSS 0.00269
Exploits: 0
CNNVD
added 2025/02/18 12:0 a.m. · 3 views

WordPress plugin Cookie Monster security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.1 · AI score 8.8 · EPSS 0.0065
Exploits: 0 · References: 2
BDU FSTEC
added 2025/02/10 12:0 a.m. · 1 views

The vulnerability of microprogrammed programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi arises from incorrect handling of file names for PHP functions like include or require. This allows attackers to exploit their privileges and execute arbitrary code.

The vulnerability of microprogrammed programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to incorrect handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.04185
Exploits: 18 · References: 3 · Affected Software: 11
OSV
added 2025/02/06 2:37 p.m. · 2 views

CLSA-2025-1738852614 rsync: Fix of 2 CVEs

CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...

CVSS 7.5 · AI score 7.1 · EPSS 0.04575
Exploits: 1 · References: 1
OSV
added 2025/02/06 9:16 a.m. · 4 views

CLSA-2025-1738833413 rsync: Fix of 2 CVEs

CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...

CVSS 7.5 · AI score 7.1 · EPSS 0.04575
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 9:59 p.m. · 5 views

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

CVSS 10 · AI score 7.3 · EPSS 0.02719
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 12:8 p.m. · 17 views

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11...

CVSS 9.9 · AI score 7.2 · EPSS 0.00726
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/04 10:23 p.m. · 2 views

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: fr...

CVSS 9.8 · AI score 7.2 · EPSS 0.00629
Exploits: 0 · References: 1
BDU FSTEC
added 2025/02/03 12:0 a.m. · 4 views

The vulnerability of the Post Grid, Slider & Carousel Ultimate plugin of the WordPress content management system arises from improper handling of file names for PHP functions like include or require. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Post Grid, Slider & Carousel plugin in the WordPress content management system is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...

CVSS 6.8 · AI score 7.7 · EPSS 0.00432
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/01/27 3:15 p.m. · 2 views

CVE-2025-24782

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10...

CVSS 8.8 · AI score 5.8 · EPSS 0.00432
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/22 12:0 a.m. · 3 views

PT-2025-5226 · Unknown · Mihajlovic Nenad Improved Sale Badges

Name of the Vulnerable Software and Affected Versions: Mihajlovic Nenad Improved Sale Badges – Free Version versions 1.0.1 and earlier. Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as PHP Remote File Inclusion, which...

CVSS 8.1 · AI score 9.6 · EPSS 0.00853
Exploits: 0 · References: 3
Positive Technologies
added 2025/01/22 12:0 a.m. · 2 views

PT-2025-5225 · Unknown · Webarea Background Animation Blocks

Name of the Vulnerable Software and Affected Versions: WebArea Background animation blocks versions 2.1.5 and earlier. Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local...

CVSS 8.1 · AI score 9.5 · EPSS 0.00879
Exploits: 0 · References: 5
Positive Technologies
added 2025/01/09 12:0 a.m. · 2 views

PT-2025-4502 · Unknown · Roninwp Fat Event Lite

Name of the Vulnerable Software and Affected Versions: Roninwp FAT Event Lite versions 1.1 and earlier. Description: The issue is related to an improper control of filename for include/require statement in a PHP program, also known as 'PHP Remote File Inclusion'. This allows PHP Local File...

CVSS 8.1 · AI score 7 · EPSS 0.00678
Exploits: 0 · References: 3
NVD
added 2025/01/08 9:15 p.m. · 4 views

CVE-2025-22145

Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include. If the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are a...

CVSS 6.3 · EPSS 0.00696
Exploits: 0 · References: 3
Github Security Blog
added 2025/01/08 9:3 p.m. · 10 views

Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Impact: Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include. If the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are at risk of arbitrary code being run on their servers...

CVSS 6.3 · AI score 7.1 · EPSS 0.00696
Exploits: 0 · References: 5 · Affected Software: 1
CVE
added 2025/01/08 8:40 p.m. · 3416 views

CVE-2025-22145

Carbon (PHP DateTime extension) has a vulnerability where unsanitized input passed to Carbon::setLocale could lead to arbitrary file include if a PHP file is uploaded in a folder that is includable. This affects users of the Carbon extension and is mitigated by fixes in Carbon release 3.8.4 and 2...

CVSS 6.3 · AI score 7 · EPSS 0.00696
Exploits: 0 · References: 3
Vulnrichment
added 2025/01/08 8:40 p.m. · 6 views

CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include. If the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are a...

CVSS 6.3 · AI score 6.8 · EPSS 0.00696
Exploits: 0 · References: 2
OSV
added 2025/01/07 4:15 p.m. · 4 views

CVE-2024-53800

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rezgo Rezgo allows PHP Local File Inclusion. This issue affects Rezgo: from n/a through 4.15...

CVSS 8.1 · AI score 7.3 · EPSS 0.00654
Exploits: 0 · References: 1
OSV
added 2025/01/07 11:15 a.m. · 3 views

CVE-2024-49649

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23...

CVSS 9.8 · AI score 7.3 · EPSS 0.00564
Exploits: 0 · References: 1
CNNVD
added 2025/01/07 12:0 a.m. · 3 views

WordPress plugin Ach Invoice App security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 8.3 · EPSS 0.00584
Exploits: 0 · References: 2