CVE-2026-39611

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through = 4.2.9...

CVE-2026-32400

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through = 7.7...

CVE-2026-27381

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through = 1.3.15...

CVE-2026-23801

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through = 1.6.11...

EUVD-2026-9534

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Fiorello fiorello allows PHP Local File Inclusion.This issue affects Fiorello: from n/a through = 1.0...

CVE-2026-28123

CVE-2026-28123 is a Local File Inclusion vulnerability in the Veil WordPress theme (Veil) affecting versions

CVE-2026-22437 WordPress Playa theme <= 1.3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playa playa allows PHP Local File Inclusion.This issue affects Playa: from n/a through = 1.3.9...

MiracleLinux 4 : php-5.3.3-27.AXS4.1 (AXSA:2014-484:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-484:02 advisory. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP al...

MiracleLinux 4 : php-5.3.3-3.AXS4.6 (AXSA:2012-101:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-101:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

CVE-2025-53447

CVE-2025-53447 describes an "Improper Control of Filename for Include/Require Statement" (PHP Remote File Inclusion vulnerability) in the WordPress/axiomthemes Assembly plugin/theme. Affected: axiomthemes Assembly up to and including 1.1 (WordPress Assembly theme 1.1) as per PT-2025-52041 and re...

WordPress plugin DJ Rainflow 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2025-203550

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through = 4.4.7...

CLSA-2024-1734368090 php: Fix of CVE-2023-3824

CVE-2023-3824: Update length checking in PHAR directory entries reading to prevent stack buffer overflow and potential memory corruption or RCE...

SUSE CVE-2005-1043

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service memory consumption and crash via an EXIF header with a large IFD nesting level, which causes significant stack recursion...

SUSE CVE-2008-2107

The GENERATESEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mtrand functions an...

PHP has an unspecified vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

Kajona Directory Traversal Vulnerability

Kajona is an open source CMS written in PHP. A directory traversal vulnerability exists in Kajona version 4.7. An attacker can exploit this vulnerability to obtain information about files present on the system...

PHP gdImageWebpCtx Function Heap Overflow Vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A heap overflow vulnerability exists in the PHP gdImageWebpCtx function, which allows remote attackers to exploit the vulnerability to execute arbitrary code...

PHP 'ext/standard/string.c' Information Disclosure Vulnerability

PHP is an open source general-purpose computer scripting language. An information disclosure vulnerability exists in PHP 'ext/standard/string.c', which allows attackers to exploit the vulnerability to obtain sensitive information or launch further attacks...

UBUNTU-CVE-2015-8879

The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause a denial of service application crash in opportunistic circumstances by leveraging use of the odbcfetcharray function to access a certain...