CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49378 | high | 8.5 | 8.5 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from … | |||
| CVE-2025-48091 | high | 8.5 | 8.5 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a thro… | |||
| CVE-2025-49406 | high | 8.5 | 8.5 | 10mo ago | Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1. | |||
| CVE-2025-32574 | high | 8.5 | 8.5 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | |||
| CVE-2025-30562 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This … | |||
| CVE-2025-47651 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global:… | |||
| CVE-2025-47575 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a t… | |||
| CVE-2025-32573 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1… | |||
| CVE-2025-26976 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <=… | |||
| CVE-2025-11130 | high | 8.4 | 8.4 | 8mo ago | A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This … | |||
| CVE-2025-10906 | high | 8.4 | 8.4 | 9mo ago | A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/… | |||
| CVE-2025-48581 | high | 8.4 | 8.4 | 9mo ago | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional exec… | |||
| CVE-2025-49697 | high | 8.4 | 8.4 | 11mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49696 | high | 8.4 | 8.4 | 11mo ago | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49695 | high | 8.4 | 8.4 | 11mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47953 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47167 | high | 8.4 | 8.4 | 1y ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47164 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47162 | high | 8.4 | 8.4 | 1y ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-5088 | high | 8.3 | 8.3 | 1d ago | An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on… | |||
| CVE-2025-40946 | high | 8.3 | 8.3 | 26d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version… | |||
| CVE-2025-67888 | high | 7.3 | 8.3 | 1mo ago | An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized bef… | |||
| CVE-2025-14341 | high | 8.3 | 8.3 | 1mo ago | Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDri… | |||
| CVE-2025-13779 | high | 8.3 | 8.3 | 3mo ago | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-13777 | high | 8.3 | 8.3 | 3mo ago | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-10174 | high | 8.3 | 8.3 | 4mo ago | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 230920… | |||
| CVE-2025-10913 | high | 8.3 | 8.3 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XS… | |||
| CVE-2025-14018 | high | 7.3 | 8.3 | 6mo ago | Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affe… | |||
| CVE-2025-26969 | high | 8.3 | 8.3 | 1y ago | Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | |||
| CVE-2025-69755 | high | 8.2 | 8.2 | 2d ago | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface | |||
| CVE-2025-3633 | high | 8.2 | 8.2 | 11d ago | IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … | |||
| CVE-2025-26483 | high | 8.2 | 8.2 | 16d ago | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application … | |||
| CVE-2025-52644 | high | 8.2 | 8.2 | 3mo ago | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could… | |||
| CVE-2025-13002 | high | 8.2 | 8.2 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (… | |||
| CVE-2025-9986 | high | 8.2 | 8.2 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: throu… | |||
| CVE-2025-1395 | high | 8.2 | 8.2 | 4mo ago | Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects … | |||
| CVE-2025-67956 | high | 8.2 | 8.2 | 5mo ago | Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from… | |||
| CVE-2025-68696 | high | 8.2 | 8.2 | 6mo ago | httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to interna… | |||
| CVE-2025-11151 | high | 8.2 | 8.2 | 8mo ago | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and T… | |||
| CVE-2025-0616 | high | 8.2 | 8.2 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel allows SQL Injecti… | |||
| CVE-2025-32988 | high | 8.2 | 8.2 | 9mo ago | RHSA-2025:17415: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2025-8518 | high | 7.2 | 8.2 | 10mo ago | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. … | |||
| CVE-2025-8020 | high | 8.2 | 8.2 | 11mo ago | private-ip vulnerable to Server-Side Request Forgery | |||
| CVE-2025-39536 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through … | |||
| CVE-2025-39350 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | |||
| CVE-2025-0984 | high | 8.2 | 8.2 | 1y ago | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing… | |||
| CVE-2025-32119 | high | 8.2 | 8.2 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects… | |||
| CVE-2025-3192 | high | 8.2 | 8.2 | 1y ago | Browsershot Server-Side Request Forgery (SSRF) via setURL() Function | |||
| CVE-2025-1022 | high | 8.2 | 8.2 | 1y ago | Browsershot Path Traversal | |||
| CVE-2025-59874 | high | 8.1 | 8.1 | 3d ago | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site v… | |||
| CVE-2025-69369 | high | 8.1 | 8.1 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racqu… | |||
| CVE-2025-68886 | high | 8.1 | 8.1 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Coo… | |||
| CVE-2025-58897 | high | 8.1 | 8.1 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fer… | |||
| CVE-2025-58707 | high | 8.1 | 8.1 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: fr… | |||
| CVE-2025-58705 | high | 8.1 | 8.1 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti… | |||
| CVE-2025-53440 | high | 8.1 | 8.1 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con… | |||
| CVE-2025-66467 | high | 8.1 | 8.1 | 1mo ago | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th… | |||
| CVE-2025-66172 | high | 8.1 | 8.1 | 1mo ago | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… | |||
| CVE-2025-67796 | high | 8.1 | 8.1 | 1mo ago | IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users | |||
| CVE-2025-40897 | high | 8.1 | 8.1 | 2mo ago | An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… | |||
| CVE-2025-12805 | high | 8.1 | 8.1 | 2mo ago | A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, … | |||
| CVE-2025-70614 | high | 8.1 | 8.1 | 3mo ago | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to… | |||
| CVE-2025-15582 | high | 8.1 | 8.1 | 4mo ago | A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the ar… | |||
| CVE-2025-69043 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rash… | |||
| CVE-2025-69042 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lind… | |||
| CVE-2025-69040 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfre… | |||
| CVE-2025-69039 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Ba… | |||
| CVE-2025-49994 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athe… | |||
| CVE-2025-10856 | high | 8.1 | 8.1 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection. This issue affects Teknoera: through 01102025. | |||
| CVE-2025-14359 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine allows PHP Local File Inclusion. This issue affects Osh… | |||
| CVE-2025-32304 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH:… | |||
| CVE-2025-15398 | high | 8.1 | 8.1 | 5mo ago | A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. S… | |||
| CVE-2025-69034 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-15107 | high | 8.1 | 8.1 | 5mo ago | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle | |||
| CVE-2025-15085 | high | 8.1 | 8.1 | 5mo ago | A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Membe… | |||
| CVE-2025-58052 | high | 8.1 | 8.1 | 6mo ago | Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictio… | |||
| CVE-2025-14909 | high | 8.1 | 8.1 | 6mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jee… | |||
| CVE-2025-14908 | high | 8.1 | 8.1 | 6mo ago | A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/s… | |||
| CVE-2025-58950 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lio… | |||
| CVE-2025-58949 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spo… | |||
| CVE-2025-58948 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue aff… | |||
| CVE-2025-58947 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Ath… | |||
| CVE-2025-58946 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Voc… | |||
| CVE-2025-58945 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-58944 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue… | |||
| CVE-2025-58943 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Agricola agricola allows PHP Local File Inclusion.This issue affec… | |||
| CVE-2025-58942 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion.This issue affects Dwe… | |||
| CVE-2025-58941 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion.This issue affects F… | |||
| CVE-2025-58940 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Bas… | |||
| CVE-2025-58937 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue aff… | |||
| CVE-2025-58936 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion.This issue aff… | |||
| CVE-2025-58934 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes The Gig thegig allows PHP Local File Inclusion.This issue affects … | |||
| CVE-2025-58933 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion.This issue affects A… | |||
| CVE-2025-58932 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion.This issue affects P… | |||
| CVE-2025-58931 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-58930 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-58929 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects P… | |||
| CVE-2025-49366 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue affects … | |||
| CVE-2025-49365 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This issue af… | |||
| CVE-2025-49364 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.Thi… |