
1613 matches found

OSV
added 2024/11/18 3:15 p.m. · 0 views

CVE-2024-52428

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion. This issue affects Ads Booster by Ads Pro: from n/a through 1.12...

9.8 CVSS · 5.8 AI score · 0.06414 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/28 8:15 p.m. · 1 views

CVE-2024-50457

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.6.3...

8.8 CVSS · 5.8 AI score · 0.0384 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/28 8:15 p.m. · 2 views

CVE-2024-50436

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Theme Horse Clean Retina. This issue affects Clean Retina: from n/a through 3.0.6...

8.8 CVSS · 5.8 AI score · 0.02261 EPSS
Exploits: 0 · References: 1
CVE
added 2024/10/28 7:53 p.m. · 43 views

CVE-2024-50436

CVE-2024-50436 is a Local File Inclusion vulnerability in the WordPress Theme Clean Retina (Theme Horse)

8.8 CVSS · 5.9 AI score · 0.02261 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/28 12:00 a.m. · 2 views

PT-2024-34210

Name of the Vulnerable Software and Affected Versions: Theme Horse Meta News versions 1.1.7 and earlier
Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This is a type of vulnerability whe...

8.8 CVSS · 7.2 AI score · 0.02261 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/10/23 12:00 a.m. · 1 views

WordPress plugin Mags security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 6.8 AI score · 0.01542 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/18 10:15 a.m. · 3 views

CVE-2024-49243

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion. This issue affects Dynamic Elementor Addons: from n/a through 1.0.0...

8.8 CVSS · 5.8 AI score · 0.03008 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/18 12:00 a.m. · 2 views

PT-2024-33381 · Elementor · Dynamic Elementor Addons

Name of the Vulnerable Software and Affected Versions: Dynamic Elementor Addons versions 1.0.0 and earlier
Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP...

8.8 CVSS · 7 AI score · 0.03008 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/10/08 12:00 a.m. · 2 views

PT-2025-2805 · Flxeon · Flxeon

Name of the Vulnerable Software and Affected Versions: FLXEON versions 9.3.4 and older
Description: Network access can be used to execute arbitrary code with elevated privileges. This issue is related to incorrect handling of file names for PHP functions include or require, which may allow a remo...

10 CVSS · 8.2 AI score · 0.06246 EPSS
Exploits: 18 · References: 19
OSV
added 2024/10/03 2:24 p.m. · 0 views

USN-7055-1 freeradius vulnerability

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses,...

9 CVSS · 7 AI score · 0.22162 EPSS
Exploits: 2 · References: 2
ICS
added 2024/10/01 6:00 a.m. · 26 views

Optigo Networks ONS-S8 - Spectra Aggregation Switch

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Optigo Networks
Equipment: ONS-S8 - Spectra Aggregation Switch
Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...

9.8 CVSS · 10 AI score · 0.00134 EPSS
Exploits: 0 · References: 10
CNNVD
added 2024/08/13 12:00 a.m. · 1 views

OcoMon security vulnerability

OcoMon is a helpdesk system by the individual developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. A security vulnerability exists in OcoMon version 4.0, which stems from unknown handling of the file...

6.9 CVSS · 4.6 AI score · 0.00226 EPSS
Exploits: 0 · References: 6
Cvelist
added 2024/06/21 7:43 p.m. · 14 views

CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

8.2 CVSS · 0.00468 EPSS
Exploits: 1 · References: 1
NVD
added 2024/06/10 4:15 p.m. · 14 views

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Melapress MelaPress Login Security melapress-login-security. This issue affects MelaPress Login Security: from n/a through = 1.3.0...

7.2 CVSS · 0.0038 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/06/10 12:00 a.m. · 1 views

WordPress plugin MelaPress Login Security security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

7.2 CVSS · 6.8 AI score · 0.0038 EPSS
Exploits: 0 · References: 2
OSV
added 2024/05/03 3:16 a.m. · 1 views

DEBIAN-CVE-2023-51580

BlueZ Audio Profile AVRCP avrcpparseattributelist Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this...

5.7 CVSS · 5 AI score · 0.00056 EPSS
Exploits: 0 · References: 1
Packet Storm
added 2024/01/18 12:00 a.m. · 544 views

WordPress Backup Migration 1.3.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Backup Migration Plugin PHP Filter Chain RCE', 'Description' = %q This module exploits an unauth RCE in the WordPress plugin: Backup...

9.8 CVSS · 7.4 AI score · 0.93531 EPSS
Exploits: 14
Code423n4
added 2023/12/21 12:00 a.m. · 7 views

Loss of Funds for Users Due to Token Purchase after Maximum Supply

Lines of code Vulnerability details Summary When the token's total supply reaches its maximum, users lose funds when attempting to buy tokens, as the transaction completes without minting new tokens. Vulnerability Details To engage in the voting system, users must acquire tokens directly from the...

7 AI score
Exploits: 0
Positive Technologies
added 2023/12/11 12:00 a.m. · 2 views

PT-2023-32161 · Canonical · Lxd +1

Name of the Vulnerable Software and Affected Versions: LXD affected versions not specified; Ubuntu Server affected versions not specified
Description: A feature in LXD affects the default configuration of Ubuntu Server, allowing privileged users in the lxd group to escalate their privilege to root...

6.4 CVSS · 6.5 AI score · 0.0004 EPSS
Exploits: 0 · References: 10
VulnCheck KEV
added 2023/12/03 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure...

9.8 CVSS · 7.3 AI score · 0.84482 EPSS
Exploits: 2 · References: 1