1656 matches found
PT-2026-21180
Name of the Vulnerable Software and Affected Versions ThemeREX Cobble versions through 1.7 Description A flaw exists in ThemeREX Cobble that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File Inclusio...
PT-2026-21208
Name of the Vulnerable Software and Affected Versions axiomthemes Soleng versions through 1.0.5 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...
PT-2026-21178
Name of the Vulnerable Software and Affected Versions ThemeREX Tint versions through 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Upda...
PT-2026-21202
Name of the Vulnerable Software and Affected Versions Jetpack CRM versions through 6.7.0 Description A flaw exists in Automattic Jetpack CRM that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software when handling...
PT-2026-21092
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...
PT-2026-21187
Name of the Vulnerable Software and Affected Versions ThemeREX FreightCo versions through 1.1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...
PT-2026-21054
Name of the Vulnerable Software and Affected Versions thembay Besa versions prior to 2.3.16 Description An issue exists in thembay Besa related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for the inclusion of local files...
PT-2026-21218
Name of the Vulnerable Software and Affected Versions AncoraThemes Impacto Patronus versions through 1.2.3 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...
PT-2026-21210
Name of the Vulnerable Software and Affected Versions AncoraThemes Coworking versions through 1.6.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, potentially leading to PHP Local File Inclusion. The issue allows for the...
CVE-2026-27343
CVE-2026-27343 affects WordPress Airtifact theme versions
CVE-2026-25326
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...
CVE-2026-25242 Gogs allows unauthenticated file uploads
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
WordPress plugin Airtifact 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Unauthenticated File Upload in Gogs
Security Advisory:Unauthenticated File Upload in Gogs Vulnerability Type: Unauthenticated File Upload Date: Aug 5, 2025 Discoverer: OpenAI Security Research Summary Gogs exposes unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any...
CVE-2026-25027 WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through = 2.7.1...
CVE-2026-25027
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through = 2.7.1...
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
BIT-DISCOURSE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...
CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...