Search Results (1239 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69162 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
CVE-2025-69163 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
CVE-2025-69165 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
CVE-2025-69167 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
CVE-2025-69168 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
CVE-2025-69176 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
CVE-2026-39522 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
CVE-2026-39547 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
CVE-2026-39549 2 Elated-themes, Wordpress 2 Aperitif, Wordpress 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
CVE-2026-39568 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
CVE-2026-40731 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2026-40721 2026-06-17 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-39558 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
CVE-2025-58954 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
CVE-2025-69105 2026-06-16 8.1 High
Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
CVE-2026-49954 1 Discuz 1 Discuzx 2026-06-16 7.2 High
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigger an exception during plugin installation to bypass sanitization routines, causing malicious paths to be stored unsanitized and subsequently passed to include(), which combined with file upload functionality escalates to arbitrary code execution in the context of the web server user.
CVE-2016-20064 2 Myasui, Wordpress 2 Wp Vault, Wordpress 2026-06-09 6.2 Medium
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.
CVE-2026-9662 2 Plasmatizemedia, Wordpress 2 Recover Exit For Woocommerce, Wordpress 2026-06-09 8.1 High
The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled `tpf` POST parameter before it is used in an `include()` path in the `recover_exit()` function. This makes it possible for unauthenticated attackers to perform path traversal and include unintended local PHP files, which can lead to sensitive information exposure and, in certain deployment chains, code execution.
CVE-2025-11023 1 Arksigner 1 Acbakimzala 2026-06-04 9.8 Critical
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion. This issue affects AcBakImzala: before v5.1.4.
CVE-2025-53440 2 Axiomthemes, Wordpress 2 Confidant, Wordpress 2026-06-02 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4.