PT-2026-21060

Name of the Vulnerable Software and Affected Versions LoftOcean PatioTime versions prior to 2.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

Oracle Linux 9 : php (ELSA-2026-2799)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2799 advisory. - Fix Heap buffer overflow in arraymerge CVE-2025-14178 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

php: PHP Hostname Null Character Vulnerability

A flaw was found in PHP. The fsockopen function and related functions fail to validate NULL characters within the provided hostname, potentially leading to unexpected behavior during parsing. This flaw allows a network attacker to supply a specially crafted hostname. This issue can result in a...

CVE-2026-22402

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through = 2.4.7...

PT-2026-4380

Name of the Vulnerable Software and Affected Versions Select-Themes Prowess versions prior to 2.3 Description A flaw exists in Select-Themes Prowess that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote...

PT-2026-4014

Name of the Vulnerable Software and Affected Versions Myour versions through 1.5.1 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Update Myo...

Astra Linux - уязвимость в php8.2

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...

CVE-2025-49370

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Lymcoin lymcoin allows PHP Local File Inclusion.This issue affects Lymcoin: from n/a through = 1.3.12...

CVE-2025-60053

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through = 1.3.1...

CVE-2025-53438

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitLine fitline allows PHP Local File Inclusion.This issue affects FitLine: from n/a through = 1.6...

EUVD-2025-204164

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through = 1.6...

EUVD-2025-204158

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue affects Tacticool: from n/a through = 1.0.13...

EUVD-2025-204176

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through = 1.8.0...

EUVD-2025-204224

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion.This issue affects Femme: from n/a through = 1.3.11...

PT-2025-52031

Name of the Vulnerable Software and Affected Versions axiomthemes Plan My Day versions through 1.1.13 Description An issue exists in axiomthemes Plan My Day that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This could allow for unauthoriz...

PT-2025-52068

Name of the Vulnerable Software and Affected Versions axiomthemes Good Mood versions through 1.16 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...

PT-2025-52075

Name of the Vulnerable Software and Affected Versions axiomthemes Critique versions through 1.17 Description A flaw exists in axiomthemes Critique that allows for PHP Local File Inclusion due to an improper control of filename for include/require statement. This issue is related to a 'PHP Remote...

PT-2025-52027

Name of the Vulnerable Software and Affected Versions AncoraThemes Emberlyn versions through 1.3.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2025-52117

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Winger winger allows PHP Local File Inclusion.This issue affects Winger: from n/a through = 1.0.16...