EUVD-2026-9680

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/a through = 3.20...

CVE-2026-28091

CVE-2026-28091 affects the WordPress Theme Coleo (ThemeREX) up to version 1.1.7, exposing an unauthenticated Local File Inclusion via improper control of the filename in PHP Include/Require statements. Public reports from multiple sources identify this vulnerability class and assign a high risk (...

CVE-2025-58900

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UniTravel unitravel allows PHP Local File Inclusion.This issue affects UniTravel: from n/a through = 1.4.2...

EUVD-2025-204136

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

CVE-2014-8667

Cross-site scripting XSS vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2024-12127

The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This...

PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit

Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...

CVE-2024-49701

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Theme Horse Mags.This issue affects Mags: from n/a through 1.1.6...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

SUSE CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...

PHP pcnt_exec() function security bypass vulnerability

PHP is a general-purpose web programming language. The PHP pcntexec function accepts null values in paths and is vulnerable to a security bypass vulnerability. A remote attacker can submit special values to bypass security controls on path values...