CVE-2025-5917
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to...
CVE-2025-5918 Libarchive: reading past eof may be triggered for piped file streams
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memo...
CVE-2025-26592 WordPress Lab Theme <= 1.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion. This issue affects Lab: from n/a through <= 1.0.0...
CVE-2025-28944 WordPress Avaz theme <= 2.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Avaz snsavaz allows PHP Local File Inclusion. This issue affects Avaz: from n/a through <= 2.8...
CVE-2025-32595
CVE-2025-32595 is a WordPress Krowd (Krowd theme) vulnerability: an unauthenticated Local File Inclusion (LFI) due to improper filtering of local file resource calls in the PHP include/require flow, affecting Krowd up to version 1.4.1. The CVE is linked to Wordfence and CNVD entries that describe...
CVE-2025-32595 WordPress Krowd theme < 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Krowd krowd allows PHP Local File Inclusion. This issue affects Krowd: from n/a through 1.5.0...
CVE-2025-39476 WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Revo revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through <= 4.0.26...
CVE-2025-48125 WordPress WP Event Manager <= 3.1.49 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager allows PHP Local File Inclusion. This issue affects WP Event Manager: from n/a through 3.1.49...
CVE-2025-48126 WordPress Essential Real Estate <= 5.2.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1...
The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking
Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more...
CVE-2018-25112
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device...
CVE-2025-4598 Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...
SourceCodester Computer Store System security vulnerability
SourceCodester Computer Store System is an open source computer storage system from SourceCodester. A security vulnerability exists in SourceCodester Computer Store System version 1.0, which stems from improper handling of the laptopcompany/RAM/Processor parameter in the Add function in the main....
Hackney security vulnerability
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney that originates from not properly releasing an HTTP connection after processing a 307 redirect response, which could result in a denial of service...
SIGB PMB access control error vulnerability
SIGB PMB is an open source integrated library management system from SIGB. An access control error vulnerability exists in SIGB PMB versions prior to 8.0.1.2, which stems from the installation program allowing remote code execution...
CISO's Guide To Web Privacy Validation And Why It's Important
Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO's guide provides a practical roadmap for continuous web privacy validation that's aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement to Business...
CVE-2025-31632 WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7...
CVE-2025-47438
CVE-2025-47438 - WP Job Portal plugin for WordPress suffers from an unauthenticated local file inclusion due to improper control of the filename for include/require in PHP. This allows an attacker to include local files on the server when exploiting WP Job Portal versions at or below 2.3.1. Multi...
CVE-2025-47672 WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a through 2.2.2...