2464 matches found
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sect...
CVE-2026-22418
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Great Lotus great-lotus allows PHP Local File Inclusion. This issue affects Great Lotus: from n/a through <= 1.3.1...
EUVD-2026-9547
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Great Lotus great-lotus allows PHP Local File Inclusion. This issue affects Great Lotus: from n/a through <= 1.3.1...
CVE-2026-22418
CVE-2026-22418 affects the Great Lotus WordPress theme (versions up to and including 1.3.1). The issue is Local File Inclusion caused by improper control of the filename in PHP include/require statements. Public details indicate a high-severity impact (CVE CVSS score 8.1) with potential exposure ...
CVE-2026-22418 WordPress Great Lotus theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Great Lotus great-lotus allows PHP Local File Inclusion. This issue affects Great Lotus: from n/a through <= 1.3.1...
WordPress plugin Great Lotus security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-23168
Name of the Vulnerable Software and Affected Versions: AncoraThemes Great Lotus versions through 1.3.1. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...
filecoin-audit-kit
Filecoin Security Devnet Spin up a local Filecoin network for...
WordPress Great Lotus theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Great Lotus versions <= 1.3.1...
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central...
CVE-2010-0358
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087...
CVE-2010-0927
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920...
CVE-2010-0920
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...
CVE-2007-4309
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFMShowEntropy and (2) DebugOutfile debug variables, a different vulnerability than CVE-2005-2696...
CVE-2008-7286
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX...