47 matches found
CVE-2026-25458
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
EUVD-2026-15740
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
CVE-2026-25458
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
CVE-2026-25458
CVE-2026-25458 affects Moments (WordPress theme) up to version 2.2. The issue is an improper control of filename for include/require statements in PHP, effectively a PHP Remote File Inclusion that enables Local File Inclusion. According to Wordfence, this vulnerability is currently Unpatched; CVS...
CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
PT-2026-27954
Name of the Vulnerable Software and Affected Versions Select-Themes Moments versions n/a through 2.2 Description A flaw exists in the handling of file names within the include/require statements of a PHP program, specifically a PHP Local File Inclusion issue in Select-Themes Moments. This allows...
WordPress plugin Moments 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Moments versions = 2.2...
On the Possible Detectability of Image-In-Image Steganography
This paper investigates the detectability of popular imagein-image steganography schemes 1, 2, 3, 4, 5. In this paradigm, the payload is usually an image of the same size as the Cover image, leading to very high embedding rates. We first show that the embedding yields a mixing process that is...
OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub
Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a...
Breaking Bad Email Habits: Bounding the Impact of Simulated Phishing Campaigns
Simulated phishing campaigns are widely deployed, yet the behavioral data they produce is endogenous: because training is triggered by clicking, the employees receiving intervention have already demonstrated susceptibility. This endogeneity, combined with the difficulty of separating genuine habi...
From Super Bowl to World Cup: How Akamai Delivers the Perfect Event
Learn why Akamai is at the core of the biggest online sporting events, and how we help you be successful in the most critical moments...
EUVD-2019-3492
Malware in sbrugna...
EUVD-2018-5246
Malware in sbrugna...
CVE-2024-24945
A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php...
CVE-2024-24945
A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php...
Travel Journal Cross-Site Scripting Vulnerability
Travel Journal is a travel journal for rems individual developers. A cross-site scripting vulnerability exists in Travel Journal v1.0 that originates from a vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted payload into the Share Your Moments...
PT-2024-20677 · Unknown · Travel Journal Using Php/Mysql With Source Code
Name of the Vulnerable Software and Affected Versions: Travel Journal Using PHP and MySQL with Source Code version 1.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments paramete...
preciousmoments.collectionhero.com Cross Site Scripting vulnerability OBB-3845139
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...