681 matches found
CVE-2025-60043
The CVE-2025-60043 entry concerns the WordPress Wanderic theme (
CVE-2025-53447
CVE-2025-53447 describes an "Improper Control of Filename for Include/Require Statement" (PHP Remote File Inclusion vulnerability) in the WordPress/axiomthemes Assembly plugin/theme. Affected: axiomthemes Assembly up to and including 1.1 (WordPress Assembly theme 1.1) as per PT-2025-52041 and re...
WordPress plugin DJ Rainflow security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-68068
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through = 9.14.1...
EUVD-2025-203550
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion. This issue affects EduMall: from n/a through = 4.4.7...
Ruijie RG-YST security vulnerability
Ruijie RG-YST is a series of wireless bridges from China's Ruijie. A security vulnerability exists in the Ruijie RG-YST AP3.01B11P280YST250F version, which originates from an unvalidated input to the pwdmodify function in the file /usr/lib/lua/luci/modules/common.lua, which could lead to an ...
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...
SUSE CVE-2025-64344
Suricata is a network IDS, IPS and NSM engine developed by the Open Information Security Foundation (OISF) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected wh...
CVE-2025-41734
An unauthenticated remote attacker can execute arbitrary PHP files and gain full access to the affected devices...
PT-2025-47294
Name of the Vulnerable Software and Affected Versions: versions affected versions not specified. Description: A webserver misconfiguration allows an unauthenticated remote attacker to read the source code of PHP modules. Recommendations: At the moment, there is no information about a newer version th...
CVE-2025-39468 WordPress Modal Survey plugin <= 2.0.2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pantherius Modal Survey modal-survey. This issue affects Modal Survey: from n/a through = 2.0.2.0.1...
Redis: Redis Lua Use-After-Free may lead to remote code execution
A vulnerability was found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution (RCE) within the Redis process...
Photon OS 5.0: Cups PHSA-2025-5.0-0616
An update of the cups package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0616. The text itself is copyright (C) VMware, Inc.
EUVD-2018-20779
Malware in sbrugna...
RLSA-2025:7489 Important: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217); php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736); php: Streams HTTP wrapper...
WordPress plugin Magazine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPress...
Photon OS 4.0: Nginx PHSA-2025-4.0-0852
An update of the nginx package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0852. The text itself is copyright (C) VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2024-11236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause a...
Photon OS 5.0: Linux PHSA-2025-5.0-0575
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0575. The text itself is copyright (C) VMware, Inc.