2120 matches found
CVE-2026-22511 WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through = 1.2...
CVE-2026-22499
CVE-2026-22499 concerns the WordPress Lella theme. Affected software: Lella versions n/a through 1.2. Root cause: Improper control of filenames used by Include/Require in PHP, enabling Local File Inclusion. Impact per sources: potential PHP Local File Inclusion with high severity (CVSS 3.1 base 8...
CVE-2026-22503
CVE-2026-22503 relates to the WordPress Theme Nelson by ThemeREX, where an improper filename validation in PHP include/require statements leads to a PHP Local File Inclusion (LFI) vulnerability. Affected product: Nelson versions from unspecified until <= 1.2.0. The NVD/Red Hat/patch sources de...
CVE-2026-22499 WordPress Lella theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Lella: from n/a through = 1.2...
CVE-2026-22493
CVE-2026-22493 describes a Local File Inclusion in WordPress Gaspard theme (<= 1.3) due to improper filename handling for PHP Include/Require. Impact may allow an attacker to disclose or manipulate local files via a PHP inclusion vector. The Red Hat and NVD records confirm the same vulnerabili...
CVE-2026-22495 WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...
CVE-2026-22493 WordPress Gaspard theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from n/a through = 1.3...
PT-2026-27979
Name of the Vulnerable Software and Affected Versions Mikado-Themes Deston versions n/a through 1.0 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes Deston. This allows for P...
PT-2026-27974
Name of the Vulnerable Software and Affected Versions Mikado-Themes Belfort versions n/a through 1.0 Description A flaw exists in the handling of filenames used in include/require statements within a PHP program, specifically a PHP Local File Inclusion issue in Mikado-Themes Belfort. This allows...
PT-2026-27932
Name of the Vulnerable Software and Affected Versions jwsthemes IdealAuto versions prior to 3.8.6 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program, specifically in jwsthemes IdealAuto. This allows for PHP Local File Inclusion. The...
PT-2026-27816
Name of the Vulnerable Software and Affected Versions Elated-Themes Gaspard versions n/a through 1.3 Description A flaw exists in the handling of filenames for Include/Require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Elated-Themes Gaspard. This allows for...
PT-2026-28144
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...
PT-2026-27819
Name of the Vulnerable Software and Affected Versions AncoraThemes Hypnotherapy versions through 1.2.10 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Loc...
PT-2026-27835
Name of the Vulnerable Software and Affected Versions AncoraThemes Unica versions through 1.4.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, leading to a PHP Remote File Inclusion issue. This allows for PHP Local File...
PT-2026-28018
Name of the Vulnerable Software and Affected Versions CreativeWS VintWood versions n/a through 1.1.8 Description The software contains a flaw due to improper control of filename handling for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The affected...
PT-2026-27836
Name of the Vulnerable Software and Affected Versions AncoraThemes VegaDays versions through 1.2.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local Fi...
PT-2026-27829
Name of the Vulnerable Software and Affected Versions AncoraThemes Dentalux versions n/a through 3.3 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows an attacker to potentially inclu...
CVE-2026-33681
WWBN AVideo (versions up to 26.0) has a path traversal flaw in the objects/pluginRunDatabaseScript.json.php endpoint. An authenticated admin (or an attacker via CSRF) can pass a name parameter via POST, which is handed to Plugin::getDatabaseFileName() without proper sanitization and allows readin...
EUVD-2026-13659
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0...
CVE-2026-22324
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0...