CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

540 matches found

Patchstack•added 2026/03/23 12:28 p.m.•1 views

WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme WoodMart versions = 8.3.8...

8.1CVSS5.8AI score0.00061EPSS

Exploits0Affected Software1

OSV•added 2026/03/10 10:8 a.m.•0 views

RHSA-2026:4077 Red Hat Security Advisory: php security update

Bulletin has no description...

6.5CVSS5.7AI score0.00019EPSS

Exploits1References8

EUVD•added 2026/03/05 6:30 a.m.•2 views

EUVD-2026-9673

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yottis yottis allows PHP Local File Inclusion.This issue affects Yottis: from n/a through = 1.0.10...

5.9AI score0.00172EPSS

Exploits0References2

EUVD•added 2026/03/05 6:30 a.m.•1 views

EUVD-2026-9557

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wabi-Sabi wabi-sabi allows PHP Local File Inclusion.This issue affects Wabi-Sabi: from n/a through = 1.2...

5.9AI score0.00172EPSS

Exploits0References2

EUVD•added 2026/03/05 6:30 a.m.•1 views

EUVD-2026-9535

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through = 2.0...

5.9AI score0.00172EPSS

Exploits0References2

NVD•added 2026/03/05 6:16 a.m.•1 views

CVE-2026-22399

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through = 1.7...

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:53 a.m.•24 views

CVE-2026-22436 WordPress Helvig theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects Helvig: from n/a through = 1.0...

8.1CVSS0.00172EPSS

Exploits0References1

Positive Technologies•added 2026/03/05 12:0 a.m.•0 views

PT-2026-23322

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through = 1.0.1...

5.9AI score0.00172EPSS

Exploits0References2

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23169

Name of the Vulnerable Software and Affected Versions AncoraThemes Honor versions prior to 2.3 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendation...

5.8AI score0.00172EPSS

Exploits0References3

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23277

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through = 2.12...

5.9AI score0.00172EPSS

Exploits0References2

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23290

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coinpress coinpress allows PHP Local File Inclusion.This issue affects Coinpress: from n/a through = 1.0.14...

5.9AI score0.00172EPSS

Exploits0References2

Positive Technologies•added 2026/03/05 12:0 a.m.•5 views

PT-2026-23396

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through = 1.9...

5.9AI score0.00172EPSS

Exploits0References2

Positive Technologies•added 2026/03/05 12:0 a.m.•2 views

PT-2026-23392

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through = 1.3.2...

5.9AI score0.00172EPSS

Exploits0References2

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23328

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech FlashMart flashmart allows PHP Local File Inclusion.This issue affects FlashMart: from n/a through = 2.0.15...

5.9AI score0.00172EPSS

Exploits0References2

Tenable Nessus•added 2026/03/01 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...

5.8CVSS6AI score0.00663EPSS

Exploits1References3

Vulnrichment•added 2026/02/26 8:17 p.m.•2 views

CVE-2026-22206 SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8CVSS6.8AI score0.00224EPSS

Exploits0References3

NVD•added 2026/02/24 2:16 p.m.•3 views

CVE-2025-14577

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...

9.8CVSS0.0013EPSS

Exploits0References2

Vulnrichment•added 2026/02/20 3:47 p.m.•5 views

CVE-2026-22380 WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through = 1.2.3...

8.1CVSS5.6AI score0.00172EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•20 views

CVE-2025-69383 WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through = 2.6.1...

7.5CVSS0.00132EPSS

Exploits0References1

Positive Technologies•added 2026/02/20 12:0 a.m.•3 views

PT-2026-21189

Name of the Vulnerable Software and Affected Versions Mikado-Themes HealthFirst versions through 1.0.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized...

5.4AI score0.00056EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by