Lucene search
K

47 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.4 views

CVE-2026-25458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15740

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

5.8AI score0.00403EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.10 views

CVE-2026-25458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-25458

CVE-2026-25458 affects Moments (WordPress theme) up to version 2.2. The issue is an improper control of filename for include/require statements in PHP, effectively a PHP Remote File Inclusion that enables Local File Inclusion. According to Wordfence, this vulnerability is currently Unpatched; CVS...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.4 views

CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27954

Name of the Vulnerable Software and Affected Versions Select-Themes Moments versions n/a through 2.2 Description A flaw exists in the handling of file names within the include/require statements of a PHP program, specifically a PHP Local File Inclusion issue in Select-Themes Moments. This allows...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin Moments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/17 10:47 a.m.6 views

WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Moments versions = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.2 views

On the Possible Detectability of Image-In-Image Steganography

This paper investigates the detectability of popular imagein-image steganography schemes 1, 2, 3, 4, 5. In this paradigm, the payload is usually an image of the same size as the Cover image, leading to very high embedding rates. We first show that the embedding yields a mixing process that is...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.2 views

OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub

Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/04 12:0 a.m.4 views

Breaking Bad Email Habits: Bounding the Impact of Simulated Phishing Campaigns

Simulated phishing campaigns are widely deployed, yet the behavioral data they produce is endogenous: because training is triggered by clicking, the employees receiving intervention have already demonstrated susceptibility. This endogeneity, combined with the difficulty of separating genuine habi...

6AI score
Exploits0
Akamai Blog
Akamai Blog
added 2026/02/17 6:0 p.m.6 views

From Super Bowl to World Cup: How Akamai Delivers the Perfect Event

Learn why Akamai is at the core of the biggest online sporting events, and how we help you be successful in the most critical moments...

5.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-3492

Malware in sbrugna...

8.8CVSS8.6AI score0.01661EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-5246

Malware in sbrugna...

8.1CVSS6.4AI score0.00936EPSS
Exploits0References2
OSV
OSV
added 2024/02/01 8:50 p.m.2 views

CVE-2024-24945

A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php...

6.1CVSS5.9AI score0.00479EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/01 12:0 a.m.17 views

CVE-2024-24945

A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php...

6.1AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.4 views

Travel Journal Cross-Site Scripting Vulnerability

Travel Journal is a travel journal for rems individual developers. A cross-site scripting vulnerability exists in Travel Journal v1.0 that originates from a vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted payload into the Share Your Moments...

6.1CVSS6AI score0.00479EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.7 views

PT-2024-20677 · Unknown · Travel Journal Using Php/Mysql With Source Code

Name of the Vulnerable Software and Affected Versions: Travel Journal Using PHP and MySQL with Source Code version 1.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments paramete...

6.1CVSS6.3AI score0.00479EPSS
Exploits1References6
Openbugbounty
Openbugbounty
added 2024/01/28 1:48 p.m.14 views

preciousmoments.collectionhero.com Cross Site Scripting vulnerability OBB-3845139

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder