93018 matches found
CVE-2026-22420
CVE-2026-22420 pertains to the Horizon WordPress theme (AncoraThemes Horizon) with a Local File Inclusion vulnerability via improper control of the include/require filename, affecting Horizon versions up to and including 1.1. Public documentation in the connected sources confirms the vulnerabilit...
CVE-2026-22417 WordPress Grand Wedding theme < 3.1.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through 3.1.11...
CVE-2026-22421
CVE-2026-22421 affects AncoraThemes Quantum WordPress theme (Quantum)
CVE-2026-22419 WordPress Honor theme <= 2.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Honor honor allows PHP Local File Inclusion.This issue affects Honor: from n/a through = 2.3...
CVE-2026-22421 WordPress Quantum theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Quantum quantum allows PHP Local File Inclusion.This issue affects Quantum: from n/a through = 1.0...
CVE-2026-22415 WordPress The Mounty theme <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion.This issue affects The Mounty: from n/a through = 1.1...
CVE-2026-22416 WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects FixTeam: from n/a through = 1.5.0...
CVE-2026-22408
CVE-2026-22408 is a Local File Inclusion vulnerability affecting Mikado-Themes Justicia WordPress theme (and Justicia plugin entry) up to version 1.2. The root cause is improper control of filename for include/require statements, enabling PHP Local File Inclusion. The CVE entry notes impact as hi...
CVE-2026-22403 WordPress Innovio theme <= 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through = 1.9...
CVE-2026-22405
CVE-2026-22405 describes an Local File Inclusion flaw in the Mikado-Themes Overton WordPress theme (versions up to and including 1.3). The issue stems from improper control of filenames for include/require statements in the PHP code, enabling an attacker to potentially access local files via PHP ...
CVE-2026-22397 WordPress Fleur theme <= 2.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through = 2.2.1...
CVE-2026-22385 WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through = 1.9.6...
CVE-2026-22385 WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through = 1.9.6...
CVE-2025-69339 WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through = 1.5.16...
CVE-2025-53335
CVE-2025-53335 describes a PHP Local File Inclusion in the WordPress theme Berger (ThemeREX Berger) via improper control of filenames for include/require statements. The issue affects Berger versions up to 1.1.1 and is listed with a high impact by CVSS (C/H, I/H, A/H) and a network attack vector,...
CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through = 2.5...
CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...
AVideo: Unauthenticated PHP session store exposed to host network via published memcached port
Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...
[SECURITY] Fedora 42 Update: php-zumba-json-serializer-3.2.4-1.fc42
This is a library to serialize PHP variables in JSON format. It is similar of the serialize function in PHP, but the output is a string JSON encoded. You can also unserialize the JSON generated by this tool and have you PHP content back. Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.ph...
[SECURITY] Fedora 43 Update: php-zumba-json-serializer-3.2.4-1.fc43
This is a library to serialize PHP variables in JSON format. It is similar of the serialize function in PHP, but the output is a string JSON encoded. You can also unserialize the JSON generated by this tool and have you PHP content back. Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.ph...