PT-2026-4147

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...

PT-2026-4137

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Töbel: from n/a through = 1.6...

📄 Abacre Retail Point of Sale 14.0.0.396 Cross Site Scripting

Abacre Retail Point of Sale version 14.0.0.396 suffers from a persistent cross site scripting vulnerability. CVE-2025-67263 - Stored cross-site scripting XSS in Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting XSS...

Exploit for CVE-2025-67263

CVE-2025-67263 - Stored cross-site scripting XSS in Abacre R...

MiracleLinux 3 : mysql-5.0.95-3.0.1.AXS3 (AXSA:2013-78:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-78:01 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different clie...

CVE-2025-12550

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through = 2.2.8...

CVE-2025-67937

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through 1.7...

CVE-2025-22707

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through = 2.7.3...

CVE-2023-31910

Jerryscript 3.0 commit 05dbbd1 was discovered to contain a heap-buffer-overflow via the component parserparsefunctionstatement at /jerry-core/parser/js/js-parser-statm.c...

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

CVE-2023-4407

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...

CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVE-2023-50395

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...

CVE-2025-67935 WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...

CVE-2025-67936 WordPress Curly theme < 3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...

CVE-2025-14430

CVE-2025-14430 affects the Brook WordPress theme (ThemeMove Brook) and is due to Improper Control of Filename for Include/Require Statement in PHP (PHP Local File Inclusion). The description indicates Brook

CVE-2025-14431 WordPress Navian theme <= 1.5.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through = 1.5.4...

CVE-2025-22707

CVE-2025-22707 corresponds to a WordPress tm-moody (ThemeMove Moody) vulnerability that enables an unauthenticated Local File Inclusion (LFI) due to improper handling of include/require filename parameters. The Moody theme is listed as affected up to version 2.7.3, and the Wordfence report notes ...

CVE-2025-22708 WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through = 2.3.4...