Total
986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47494 | 2025-05-08 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.4.1.
|
|||||
| CVE-2025-47440 | 2025-05-08 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts allows PHP Local File Inclusion. This issue affects WPAdverts: from n/a through 2.2.2.
|
|||||
| CVE-2025-47508 | 2025-05-08 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress allows PHP Local File Inclusion. This issue affects GamiPress: from n/a through 7.3.7.
|
|||||
| CVE-2025-47653 | 2025-05-08 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14.
|
|||||
| CVE-2024-30849 | 1 Donbermoy | 1 Complete E-commerce Site | 2025-05-05 | N/A | 9.8 CRITICAL |
|
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.
|
|||||
| CVE-2022-44786 | 1 Maggioli | 1 Appalti \& Contratti | 2025-04-29 | N/A | 7.5 HIGH |
|
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application.
|
|||||
| CVE-2025-32921 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5.
|
|||||
| CVE-2025-39359 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web CWW Portfolio allows PHP Local File Inclusion. This issue affects CWW Portfolio: from n/a through 1.3.1.
|
|||||
| CVE-2025-39391 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce allows PHP Local File Inclusion. This issue affects Checkout Field Visibility for WooCommerce: from n/a through 1.2.3.
|
|||||
| CVE-2025-39399 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashraful Sarkar Naiem License For Envato allows PHP Local File Inclusion. This issue affects License For Envato: from n/a through 1.0.0.
|
|||||
| CVE-2025-39383 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web Xews Lite allows PHP Local File Inclusion. This issue affects Xews Lite: from n/a through 1.0.9.
|
|||||
| CVE-2025-39384 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce Product Lister for eBay allows PHP Local File Inclusion. This issue affects Product Lister for eBay: from n/a through 2.0.9.
|
|||||
| CVE-2025-39378 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
|
|||||
| CVE-2025-39387 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Opstore allows PHP Local File Inclusion. This issue affects Opstore: from n/a through 1.4.5.
|
|||||
| CVE-2025-39360 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5.
|
|||||
| CVE-2025-46230 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GhozyLab Popup Builder allows PHP Local File Inclusion. This issue affects Popup Builder: from n/a through 1.1.35.
|
|||||
| CVE-2025-39379 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly allows PHP Local File Inclusion. This issue affects Capturly: from n/a through 2.0.1.
|
|||||
| CVE-2025-2101 | 2025-04-29 | N/A | 8.1 HIGH | ||
|
The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and incl ...
Show More |
|||||
| CVE-2024-33863 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 9.8 CRITICAL |
|
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.
|
|||||
| CVE-2025-0632 | 2025-04-28 | N/A | N/A | ||
|
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.
This issue affects Rock ...
Show More |
|||||
| CVE-2025-31340 | 2025-04-17 | N/A | N/A | ||
|
A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.
|
|||||
| CVE-2025-39462 | 2025-04-17 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in teamzt Smart Agreements allows PHP Local File Inclusion. This issue affects Smart Agreements: from n/a through 1.0.3.
|
|||||
| CVE-2025-31030 | 2025-04-17 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through 1.7.0.
|
|||||
| CVE-2025-39452 | 2025-04-17 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.
|
|||||
| CVE-2025-39526 | 2025-04-17 | N/A | 8.1 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.
|
|||||
| CVE-2025-39461 | 2025-04-17 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache allows PHP Local File Inclusion. This issue affects Docket Cache: from n/a through 24.07.02.
|
|||||
| CVE-2025-39429 | 2025-04-17 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo allows PHP Local File Inclusion. This issue affects Széchenyi 2020 Logo: from n/a through 1.1.
|
|||||
| CVE-2025-39570 | 2025-04-16 | N/A | 8.8 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7.
|
|||||
| CVE-2025-39592 | 2025-04-16 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite allows PHP Local File Inclusion. This issue affects Subscribe to Unlock Lite: from n/a through 1.3.0.
|
|||||
| CVE-2025-27011 | 2025-04-16 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. This issue affects Booking and Rental Manager: from n/a through 2.2.8.
|
|||||
| CVE-2025-26894 | 2025-04-15 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Coming Soon, Maintenance Mode allows PHP Local File Inclusion. This issue affects Coming Soon, Maintenance Mode: from n/a through 1.1.1.
|
|||||
| CVE-2025-26889 | 2025-04-15 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound hockeydata LOS allows PHP Local File Inclusion. This issue affects hockeydata LOS: from n/a through 1.2.4.
|
|||||
| CVE-2025-32663 | 2025-04-11 | N/A | 8.1 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon allows PHP Local File Inclusion. This issue affects FAT Cooming Soon: from n/a through 1.1.
|
|||||
| CVE-2025-32614 | 2025-04-11 | N/A | 8.8 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2.
|
|||||
| CVE-2025-22279 | 2025-04-11 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through 1.5.9.
|
|||||
| CVE-2025-31015 | 2025-04-11 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through 1.3.1.
|
|||||
| CVE-2025-32656 | 2025-04-11 | N/A | 8.1 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Testimonial Slider And Showcase Pro allows PHP Local File Inclusion. This issue affects Testimonial Slider And Showcase Pro: from n/a through 2.3.15.
|
|||||
| CVE-2025-32577 | 2025-04-11 | N/A | 9.8 CRITICAL | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23.
|
|||||
| CVE-2025-32672 | 2025-04-11 | N/A | 8.1 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9.
|
|||||
| CVE-2025-32160 | 2025-04-11 | N/A | 7.5 HIGH | ||
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON. This issue affects EventON: from n/a through 2.3.2.
|
|||||