Astra Linux - уязвимость в golang-golang-x-net, golang-1.15

In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...

Astra Linux - уязвимость в batik

A vulnerability in Batik of Apache XML Graphics allows an attacker to execute Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics versions prior to 1.16. Users are recommended to upgrade to version 1.16...

Astra Linux - уязвимость в batik

Server-side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik version 1.16. In version 1.16, a malicious SVG file may trigger the loading of external resources by default, leading to resource consumption or, in...

CVE-2026-5789

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

CVE-2026-5789 Search path without quotes in CivetWeb

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

CVE-2026-5789

CVE-2026-5789 affects CivetWeb v1.16. The root cause is an unquoted search path in the service configuration, allowing a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory scanned before the application path (e.g., C:\Program Files\C...

CivetWeb 代码问题漏洞

CivetWeb is an open-source web server developed by Civetweb, designed to be easy to use, powerful, and capable of being embedded in C/C++. It offers optional support for CGI, SSL, and Lua. Version 1.16 of CivetWeb contains a code vulnerability. This vulnerability stems from search paths in servic...

EUVD-2026-17241

Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access...

Duplicate Advisory: Kyverno is vulnerable to server-side request forgery (SSRF)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rggm-jjmc-3394. This link is maintained to preserve external references. Original Description Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

WordPress plugin Tooth Fairy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-54003

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through = 1.16...

PT-2026-3988

Name of the Vulnerable Software and Affected Versions Mikado-Themes Depot versions prior to 1.17 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusio...

CVE-2025-58894

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through = 1.16...

CVE-2025-58894

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through = 1.16...

CVE-2025-60042 WordPress Chinchilla theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chinchilla chinchilla allows PHP Local File Inclusion.This issue affects Chinchilla: from n/a through = 1.16...

CVE-2025-58950 WordPress Lione theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lione: from n/a through = 1.16...

CVE-2025-58889 WordPress Towny theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion.This issue affects Towny: from n/a through = 1.16...

CVE-2025-58885 WordPress Pathfinder theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pathfinder pathfinder allows PHP Local File Inclusion.This issue affects Pathfinder: from n/a through = 1.16...

CVE-2025-53453 WordPress Hygia theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through = 1.16...

WordPress plugin Towny 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...