15 matches found
Friday Squid Blogging: Giant Squid in the Star Trek Universe
Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation 5. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
CVE-2025-58949
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
CVE-2025-58949
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
CVE-2025-58949
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
EUVD-2025-204147
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
CVE-2025-58949 WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
CVE-2025-58949
The CVE-2025-58949 is tied to the WordPress Spock theme (versions ≤ 1.17). The issue is an improper control of filenames for include/require, enabling PHP Local File Inclusion. Affected software/component: WordPress Spock theme. Root cause: improper filename handling in PHP includes. Impact as de...
CVE-2025-58949 WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
PT-2025-52099
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17...
WordPress plugin Spock security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Spock versions <= 1.17...
Fedora: Security Advisory for opentest4j (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: opentest4j-1.3.0-6.fc40
Open Test Alliance for the JVM is a minimal common foundation for testing libraries on the JVM. The primary goal of the project is to enable testing frameworks like JUnit, TestNG, Spock, etc. and third-party assertion libraries like Hamcrest, AssertJ, etc. to use a common set of exceptions that...
Spock SLAF - A Shared Library Application Firewall "SLAF"
Spock SLAF is a Shared Library Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks like buffer overflow, path traversal, XXE and SQL...
Internet Bug Bounty: Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem
I've been exploring the industry-wide scope of the use of HTTP to resolve dependencies in build infrastructure across the industry. What I unearthed was that some of the most popular libraries and two compilers were impacted by this vulnerability. Vulnerability CWE-829: Inclusion of Functionality...