CVEs from 2025
Total
8,883
critical
critical 1,339
high
high 2,021
medium
medium 1,999
low
low 202
% Critical
15.1%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63680 | high | 8.6 | 8.6 | 7mo ago | Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code… | |||
| CVE-2025-49916 | high | 8.6 | 8.6 | 8mo ago | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a … | |||
| CVE-2025-11343 | high | 8.6 | 8.6 | 8mo ago | A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql inject… | |||
| CVE-2025-10449 | high | 8.6 | 8.6 | 8mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Say… | |||
| CVE-2025-10438 | high | 8.6 | 8.6 | 8mo ago | Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue a… | |||
| CVE-2025-49448 | high | 8.6 | 8.6 | 11mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0… | |||
| CVE-2025-1026 | high | 8.6 | 8.6 | 1y ago | Browsershot Local File Inclusion | |||
| CVE-2025-69180 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra … | |||
| CVE-2025-49050 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affect… | |||
| CVE-2025-49049 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Galle… | |||
| CVE-2025-31044 | high | 8.5 | 8.5 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a throu… | |||
| CVE-2025-30628 | high | 8.5 | 8.5 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL I… | |||
| CVE-2025-28949 | high | 8.5 | 8.5 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affect… | |||
| CVE-2025-49378 | high | 8.5 | 8.5 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from … | |||
| CVE-2025-48091 | high | 8.5 | 8.5 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a thro… | |||
| CVE-2025-49406 | high | 8.5 | 8.5 | 10mo ago | Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1. | |||
| CVE-2025-32574 | high | 8.5 | 8.5 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | |||
| CVE-2025-30562 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This … | |||
| CVE-2025-47651 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global:… | |||
| CVE-2025-47575 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a t… | |||
| CVE-2025-32573 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1… | |||
| CVE-2025-26976 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <=… | |||
| CVE-2025-11130 | high | 8.4 | 8.4 | 8mo ago | A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This … | |||
| CVE-2025-10906 | high | 8.4 | 8.4 | 8mo ago | A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/… | |||
| CVE-2025-48581 | high | 8.4 | 8.4 | 9mo ago | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional exec… | |||
| CVE-2025-49697 | high | 8.4 | 8.4 | 11mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49696 | high | 8.4 | 8.4 | 11mo ago | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49695 | high | 8.4 | 8.4 | 11mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47953 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47167 | high | 8.4 | 8.4 | 1y ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47164 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47162 | high | 8.4 | 8.4 | 1y ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-40946 | high | 8.3 | 8.3 | 24d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version… | |||
| CVE-2025-67888 | high | 7.3 | 8.3 | 28d ago | An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized bef… | |||
| CVE-2025-14341 | high | 8.3 | 8.3 | 29d ago | Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDri… | |||
| CVE-2025-13779 | high | 8.3 | 8.3 | 3mo ago | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-13777 | high | 8.3 | 8.3 | 3mo ago | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-10174 | high | 8.3 | 8.3 | 4mo ago | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 230920… | |||
| CVE-2025-10913 | high | 8.3 | 8.3 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XS… | |||
| CVE-2025-26969 | high | 8.3 | 8.3 | 1y ago | Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | |||
| CVE-2025-69755 | high | 8.2 | 8.2 | 19h ago | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface | |||
| CVE-2025-3633 | high | 8.2 | 8.2 | 9d ago | IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … | |||
| CVE-2025-26483 | high | 8.2 | 8.2 | 14d ago | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application … | |||
| CVE-2025-52644 | high | 8.2 | 8.2 | 3mo ago | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could… | |||
| CVE-2025-13002 | high | 8.2 | 8.2 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (… | |||
| CVE-2025-9986 | high | 8.2 | 8.2 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: throu… | |||
| CVE-2025-67956 | high | 8.2 | 8.2 | 4mo ago | Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from… | |||
| CVE-2025-68696 | high | 8.2 | 8.2 | 6mo ago | httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to interna… | |||
| CVE-2025-11151 | high | 8.2 | 8.2 | 8mo ago | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and T… | |||
| CVE-2025-32988 | high | 8.2 | 8.2 | 9mo ago | RHSA-2025:17415: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2025-8518 | high | 7.2 | 8.2 | 10mo ago | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. … | |||
| CVE-2025-8020 | high | 8.2 | 8.2 | 11mo ago | private-ip vulnerable to Server-Side Request Forgery | |||
| CVE-2025-39536 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through … | |||
| CVE-2025-39350 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | |||
| CVE-2025-32119 | high | 8.2 | 8.2 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects… | |||
| CVE-2025-3192 | high | 8.2 | 8.2 | 1y ago | Browsershot Server-Side Request Forgery (SSRF) via setURL() Function | |||
| CVE-2025-1022 | high | 8.2 | 8.2 | 1y ago | Browsershot Path Traversal | |||
| CVE-2025-59874 | high | 8.1 | 8.1 | 23h ago | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site v… | |||
| CVE-2025-69369 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racqu… | |||
| CVE-2025-68886 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Coo… | |||
| CVE-2025-58897 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fer… | |||
| CVE-2025-58707 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: fr… | |||
| CVE-2025-58705 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti… | |||
| CVE-2025-53440 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con… | |||
| CVE-2025-66467 | high | 8.1 | 8.1 | 28d ago | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th… | |||
| CVE-2025-66172 | high | 8.1 | 8.1 | 28d ago | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… | |||
| CVE-2025-67796 | high | 8.1 | 8.1 | 1mo ago | IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users | |||
| CVE-2025-40897 | high | 8.1 | 8.1 | 2mo ago | An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… | |||
| CVE-2025-12805 | high | 8.1 | 8.1 | 2mo ago | A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, … | |||
| CVE-2025-70614 | high | 8.1 | 8.1 | 3mo ago | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to… | |||
| CVE-2025-15582 | high | 8.1 | 8.1 | 4mo ago | A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the ar… | |||
| CVE-2025-69043 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rash… | |||
| CVE-2025-69042 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lind… | |||
| CVE-2025-69040 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfre… | |||
| CVE-2025-69039 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Ba… | |||
| CVE-2025-49994 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athe… | |||
| CVE-2025-10856 | high | 8.1 | 8.1 | 4mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection. This issue affects Teknoera: through 01102025. | |||
| CVE-2025-14359 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine allows PHP Local File Inclusion. This issue affects Osh… | |||
| CVE-2025-32304 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH:… | |||
| CVE-2025-15398 | high | 8.1 | 8.1 | 5mo ago | A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. S… | |||
| CVE-2025-69034 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-15107 | high | 8.1 | 8.1 | 5mo ago | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle | |||
| CVE-2025-15085 | high | 8.1 | 8.1 | 5mo ago | A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Membe… | |||
| CVE-2025-58052 | high | 8.1 | 8.1 | 6mo ago | Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictio… | |||
| CVE-2025-14909 | high | 8.1 | 8.1 | 6mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jee… | |||
| CVE-2025-14908 | high | 8.1 | 8.1 | 6mo ago | A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/s… | |||
| CVE-2025-58950 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lio… | |||
| CVE-2025-58949 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spo… | |||
| CVE-2025-58948 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue aff… | |||
| CVE-2025-58947 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Ath… | |||
| CVE-2025-58946 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Voc… | |||
| CVE-2025-58945 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-58944 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue… | |||
| CVE-2025-58943 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Agricola agricola allows PHP Local File Inclusion.This issue affec… | |||
| CVE-2025-58942 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion.This issue affects Dwe… | |||
| CVE-2025-58941 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion.This issue affects F… | |||
| CVE-2025-58940 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Bas… | |||
| CVE-2025-58937 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue aff… | |||
| CVE-2025-58936 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion.This issue aff… | |||
| CVE-2025-58934 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes The Gig thegig allows PHP Local File Inclusion.This issue affects … |