PT-2026-27834

Name of the Vulnerable Software and Affected Versions AncoraThemes Triompher versions through 1.1.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local...

PT-2026-27980

Name of the Vulnerable Software and Affected Versions Mikado-Themes Rosebud versions through 1.4 Description A flaw exists in the handling of filenames used in include/require statements within the PHP code of Mikado-Themes Rosebud, leading to a PHP Local File Inclusion issue. This allows for the...

PT-2026-27820

Name of the Vulnerable Software and Affected Versions Laurent versions prior to 3.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files within t...

PT-2026-27825

Name of the Vulnerable Software and Affected Versions ProLingua versions n/a through 1.1.12 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. The vulnerable component allows an attacker to includ...

PT-2026-27816

Name of the Vulnerable Software and Affected Versions Elated-Themes Gaspard versions n/a through 1.3 Description A flaw exists in the handling of filenames for Include/Require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Elated-Themes Gaspard. This allows for...

PT-2026-27821

Name of the Vulnerable Software and Affected Versions Elated-Themes Lella versions n/a through 1.2 Description The software contains a flaw due to improper control of the filename for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The vulnerable...

PT-2026-27824

Name of the Vulnerable Software and Affected Versions ThemeREX Nelson versions n/a through 1.2.0 Description A flaw exists in ThemeREX Nelson due to improper control of filename handling for include/require statements in the PHP program, leading to a PHP Local File Inclusion issue. The...

PT-2026-27974

Name of the Vulnerable Software and Affected Versions Mikado-Themes Belfort versions n/a through 1.0 Description A flaw exists in the handling of filenames used in include/require statements within a PHP program, specifically a PHP Local File Inclusion issue in Mikado-Themes Belfort. This allows...

WordPress plugin NaturaLife Extensions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

MAL-2026-2408 Malicious code in @cloudsop/hmoment (npm)

Malicious package due to suspicious install script attempting to require the current directory and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad95ef51ef99f49ca08b99a81d6a18ecb75dafb1dad2afc2bca687f221ef95dc The package...

EUVD-2026-13659

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0...

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

CVE-2026-33129

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

CVE-2026-22324

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0...

H3 安全漏洞

H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...

EUVD-2026-13068

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ovatheme Tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a before 1.5.6...

CVE-2026-27093

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through 1.5.6...

CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through 1.5.6...

PT-2026-26277

🔴 CVE-2026-27065 - Critical Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue ... https://t.co/XszWrmilIG https://t.co/8VXgWUhCGf...