CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2120 matches found

Positive Technologies•added 2025/08/20 12:0 a.m.•4 views

PT-2025-33987 · Unknown · Nk Ghost Kit

Name of the Vulnerable Software and Affected Versions: nK Ghost Kit versions through 3.4.1 Description: This issue involves improper control of filename handling for Include/Require statements in PHP programs, specifically a PHP Remote File Inclusion vulnerability that allows for PHP Local File...

8.1CVSS6.5AI score0.00158EPSS

Exploits0References4

CNNVD•added 2025/08/20 12:0 a.m.•1 views

WordPress plugin Cena Store 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6.6AI score0.00158EPSS

Exploits0References2

RedhatCVE•added 2025/08/16 11:25 a.m.•2 views

CVE-2025-25172

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through = 1.9.4...

8.1CVSS5.9AI score0.00158EPSS

Exploits0References1

RedhatCVE•added 2025/08/16 11:25 a.m.•2 views

CVE-2025-49264

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO - Single Sign On...

7.5CVSS5.9AI score0.00144EPSS

Exploits0References1

RedhatCVE•added 2025/08/16 11:25 a.m.•2 views

CVE-2025-48293

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through = 1.13.16...

9.8CVSS5.9AI score0.0021EPSS

Exploits0References1

Vulnrichment•added 2025/08/14 10:34 a.m.•1 views

CVE-2025-54690 WordPress Xinterio Theme <= 4.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through 4.2...

8.1CVSS7.4AI score0.00158EPSS

Exploits0References1

Vulnrichment•added 2025/08/14 10:34 a.m.•2 views

CVE-2025-54689 WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.7...

8.1CVSS4.7AI score0.00158EPSS

Exploits0References1

CVE•added 2025/08/14 10:34 a.m.•14 views

CVE-2025-30635

CVE-2025-30635 affects IDonatePro (WordPress plugin) <= 2.1.9 and is described as an improper control of the filename for include/require statements, enabling PHP Local File Inclusion. Public sources in the connected documents corroborate the vulnerability as a Local File Inclusion issue and n...

8.1CVSS5.9AI score0.00158EPSS

Exploits0References1

Cvelist•added 2025/08/14 10:34 a.m.•8 views

CVE-2025-32288 WordPress RT-Theme 18 | Extensions plugin <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.4...

7.5CVSS0.00144EPSS

Exploits0References1

Vulnrichment•added 2025/08/14 10:34 a.m.•2 views

CVE-2025-49264 WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability

7.5CVSS5.3AI score0.00144EPSS

Exploits0References1

CVE•added 2025/08/14 10:34 a.m.•11 views

CVE-2025-49271

CVE-2025-49271 describes an issue in GravityWP – Merge Tags where improper handling of filenames in PHP Include/Require statements enables PHP Local File Inclusion. Affected versions are GravityWP – Merge Tags up to and including 1.4.4. The weakness could allow an attacker to access local files v...

7.5CVSS5.9AI score0.00144EPSS

Exploits0References1

Vulnrichment•added 2025/08/14 10:34 a.m.•1 views

CVE-2025-52728 WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0...

7.5CVSS7.3AI score0.00144EPSS

Exploits0References1

Cvelist•added 2025/08/14 10:33 a.m.•7 views

CVE-2025-52806 WordPress JobSearch Plugin < 3.0.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion.This issue affects JobSearch: from n/a through 3.0.8...

7.5CVSS0.00157EPSS

Exploits0References1

Positive Technologies•added 2025/08/14 12:0 a.m.•3 views

PT-2025-33241 · Thembay · Urna

Name of the Vulnerable Software and Affected Versions: thembay Urna versions through 2.5.7 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations:...

8.1CVSS6.5AI score0.00158EPSS

Exploits0References5

ICS•added 2025/07/31 5:1 p.m.•4 views

OPEXUS FOIAXpress Public Access Link (PAL) multiple vulnerabilities

RISK EVALUATION Multiple vulnerabilities could allow unauthenticated attackers to bypass rate-limiting measures for login attempts, or check for the existence of other users. Low-privileged users can modify certain site content without authorization. 2. RECOMMENDED PRACTICES Upgrade to OPEXUS...

7.5CVSS6.6AI score0.0019EPSS

Exploits0References1

ATTACKERKB•added 2025/07/28 6:32 a.m.•0 views

CVE-2025-8261

A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgridserver.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been...

9.8CVSS6.8AI score0.0053EPSS

Exploits1References8Affected Software1

RedhatCVE•added 2025/07/23 10:1 a.m.•7 views

CVE-2025-41678

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement...

6.5CVSS6.8AI score0.00669EPSS

Exploits1References1

VulnCheck KEV•added 2025/07/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-3481

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...

9.8CVSS5.9AI score0.47991EPSS

In wildExploits2References126

RedHat Linux•added 2025/07/09 12:22 p.m.•1 views

kernel: usb: config: fix iteration issue in 'usb_get_bos_descriptor()'

In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usbgetbosdescriptor' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usbgetbosdescriptor' encounters an iterati...

5.5CVSS6.4AI score0.00005EPSS

Exploits0References5

ATTACKERKB•added 2025/07/04 12:15 p.m.•2 views

CVE-2025-47627

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2...

7.5CVSS5.3AI score0.00459EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by