Latest CVE Feed
-
8.2
HIGHCVE-2025-58894
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58896
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through <= 1.8.0.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58929
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects Pantry: from n/a through <= 1.4.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58893
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-64677
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : office_out_of-box_experience- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
-
8.2
HIGHCVE-2025-60063
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rosalinda rosalinda allows PHP Local File Inclusion.This issue affects Rosalinda: from n/a through <= 1.2.3.... Read more
Affected Products : rosalinda- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58891
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Sanger sanger allows PHP Local File Inclusion.This issue affects Sanger: from n/a through <= 1.24.0.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-65781
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer to... Read more
Affected Products : wekan- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2025-58943
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Agricola agricola allows PHP Local File Inclusion.This issue affects Agricola: from n/a through <= 1.1.0.... Read more
Affected Products : agricola- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-66028
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMa... Read more
Affected Products : oneuptime- Published: Nov. 26, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-58892
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tourimo tourimo allows PHP Local File Inclusion.This issue affects Tourimo: from n/a through <= 1.2.3.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58940
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through <= 1.3.12.... Read more
Affected Products : basil- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58803
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.... Read more
Affected Products : algenix- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58941
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion.This issue affects Fabric: from n/a through <= 1.5.0.... Read more
Affected Products : fabric- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2023-53982
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements ... Read more
Affected Products : pmb- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-58944
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue affects Manufactory: from n/a through <= 1.4.... Read more
Affected Products : manufactory- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-1545
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only ... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +25 more products- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-58942
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion.This issue affects Dwell: from n/a through <= 1.7.0.... Read more
Affected Products : dwell- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58889
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion.This issue affects Towny: from n/a through <= 1.16.... Read more
Affected Products : towny- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-10451
Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption