Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1656 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/08 8:30 a.m.4 views

CVE-2026-39613

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

5.9AI score0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/08 12:0 a.m.3 views

PT-2026-31176

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through = 4.2.9...

7.5CVSS5.9AI score0.00381EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/08 12:0 a.m.7 views

PT-2026-31178

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

7.5CVSS5.9AI score0.00381EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/08 12:0 a.m.5 views

PT-2026-31151

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through = 8.3...

5.9AI score0.00381EPSS
Exploits0References3
CNVD
CNVDadded 2026/04/08 12:0 a.m.2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16695)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass groupAllowFrom and requireMention protections in group chats...

9.8CVSS5.7AI score0.00309EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2026/04/03 3:40 a.m.3 views

wisp has Allocation of Resources Without Limits or Throttling

Summary A multipart form parsing bug allows any unauthenticated user to bypass configured request size limits and trigger a denial of service by exhausting server memory or disk. Details The issue is in the multipart parsing logic, specifically in multipartbody and multipartheaders. When parsing...

8.7CVSS5.9AI score0.00622EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2026/03/31 10:22 p.m.64 views

GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

8.7CVSS6.5AI score0.00577EPSS
Exploits1References5
EUVD
EUVDadded 2026/03/29 3:30 p.m.1 views

EUVD-2026-17007

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chattype are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group...

9.8CVSS5.9AI score0.00309EPSS
Exploits0References3
CVE
CVEadded 2026/03/29 12:44 p.m.11 views

CVE-2026-32924

OpenClaw before 2026.3.12 is affected by an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations rather than group chats. This misclassification allows attackers to bypass groupAllowFrom and requireMention protections for re...

9.8CVSS5.9AI score0.00309EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/03/27 10:32 p.m.1 views

GHSA-MW7W-G3MG-XQM7 OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

5.3CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/03/27 10:32 p.m.9 views

OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

5.9AI score
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/27 6:22 p.m.4 views

GHSA-XJPJ-3MR7-GCPF Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

8.2CVSS6AI score0.00293EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/03/26 5:5 p.m.2 views

CVE-2026-25464

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:4 p.m.2 views

CVE-2026-25457

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through = 2.1...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:4 p.m.1 views

CVE-2026-25380

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion.This issue affects Feedy: from n/a through 2.1.5...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:4 p.m.3 views

CVE-2026-25458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:3 p.m.1 views

CVE-2026-25379

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through 6.8.6...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:3 p.m.4 views

CVE-2026-32503

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through = 1.1.4...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:2 p.m.3 views

CVE-2026-32537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 5:2 p.m.3 views

CVE-2026-32500

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through = 1.1.4...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Rows per page
Query Builder