93340 matches found
CVE-2026-22403 WordPress Innovio theme <= 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through = 1.9...
CVE-2026-22405
CVE-2026-22405 describes an Local File Inclusion flaw in the Mikado-Themes Overton WordPress theme (versions up to and including 1.3). The issue stems from improper control of filenames for include/require statements in the PHP code, enabling an attacker to potentially access local files via PHP ...
CVE-2026-22397 WordPress Fleur theme <= 2.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through = 2.2.1...
CVE-2026-22385 WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through = 1.9.6...
CVE-2026-22385 WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through = 1.9.6...
CVE-2025-69339 WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through = 1.5.16...
CVE-2025-53335
CVE-2025-53335 describes a PHP Local File Inclusion in the WordPress theme Berger (ThemeREX Berger) via improper control of filenames for include/require statements. The issue affects Berger versions up to 1.1.1 and is listed with a high impact by CVSS (C/H, I/H, A/H) and a network attack vector,...
CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through = 2.5...
CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...
AVideo: Unauthenticated PHP session store exposed to host network via published memcached port
Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...
[SECURITY] Fedora 42 Update: php-zumba-json-serializer-3.2.4-1.fc42
This is a library to serialize PHP variables in JSON format. It is similar of the serialize function in PHP, but the output is a string JSON encoded. You can also unserialize the JSON generated by this tool and have you PHP content back. Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.ph...
[SECURITY] Fedora 43 Update: php-zumba-json-serializer-3.2.4-1.fc43
This is a library to serialize PHP variables in JSON format. It is similar of the serialize function in PHP, but the output is a string JSON encoded. You can also unserialize the JSON generated by this tool and have you PHP content back. Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.ph...
PT-2026-23364
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects Daiquiri: from n/a through = 1.2.4...
WordPress plugin Fiorello 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-23289
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yungen yungen allows PHP Local File Inclusion.This issue affects Yungen: from n/a through = 1.0.12...
PT-2026-23143
Name of the Vulnerable Software and Affected Versions ovatheme Remons versions through 1.3.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...
PT-2026-23330
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beacon: from n/a through = 2.24...
PT-2026-23292
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects Scientia: from n/a through = 1.2.4...
PT-2026-23309
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Kayon kayon allows PHP Local File Inclusion.This issue affects Kayon: from n/a through = 1.3...
PT-2026-23188
Name of the Vulnerable Software and Affected Versions Elated-Themes Zentrum versions n/a through 1.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...