Skip to main content
CVE-2026-24790 HIGH This Week

Unauthenticated remote attackers can manipulate the underlying PLC controller on affected devices due to missing authentication controls, enabling modification of device operations and potential service disruption. The vulnerability requires no user interaction and can be exploited over the network, with no official patch currently available to mitigate the risk.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-2818 HIGH This Week

Spring Data Geode's snapshot import feature on Windows systems is vulnerable to path traversal attacks that enable attackers to write arbitrary files outside the intended extraction directory. Remote attackers can exploit this vulnerability without authentication to potentially overwrite critical system or application files. No patch is currently available.

Path Traversal Microsoft Java
NVD HeroDevs VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-67977 HIGH This Week

VillaTheme HAPPY happy-helpdesk-support-ticket-system is affected by missing authorization (CVSS 8.2).

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-20761 HIGH This Week

EnOcean SmartServer IoT versions 4.60.009 and earlier are vulnerable to unauthenticated remote command injection through maliciously crafted LON IP-852 management messages, enabling attackers to execute arbitrary OS commands with high privileges on affected devices. This network-accessible vulnerability requires no user interaction and affects IoT deployments with no available patch currently available.

IoT Command Injection
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-22381 HIGH This Week

Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends is affected by php remote file inclusion (CVSS 8.1).

WordPress PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22380 HIGH This Week

Local file inclusion in AncoraThemes Unlimhost through version 1.2.3 allows unauthenticated attackers to read arbitrary files from the server via improper handling of include/require statements. The vulnerability carries high confidentiality and integrity impact, enabling attackers to potentially access sensitive configuration files or execute code through log poisoning techniques. No patch is currently available for this issue.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22379 HIGH This Week

AncoraThemes Netmix versions 1.0.10 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated remote attackers to read sensitive files from the affected system. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access arbitrary files on the server. No patch is currently available for this high-severity issue (CVSS 8.1).

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22378 HIGH This Week

Blabber through version 1.7.0 contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files from the server. An attacker can exploit improper filename validation in include/require statements to access sensitive system files without authentication. No patch is currently available for this high-severity vulnerability affecting PHP environments.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22377 HIGH This Week

Local file inclusion in AncoraThemes Saveo through version 1.1.2 enables unauthenticated attackers to read arbitrary files on affected servers through improper input validation on file inclusion functions. The vulnerability carries high severity with complete confidentiality and integrity impacts, though no patch is currently available.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22376 HIGH This Week

AncoraThemes Parkivia through version 1.1.9 contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability exploits improper filename control mechanisms to access sensitive system files without authentication. No patch is currently available, and exploitation requires moderate attack complexity but results in high confidentiality, integrity, and availability impact.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22375 HIGH This Week

AncoraThemes Impacto Patronus through version 1.2.3 contains a local file inclusion vulnerability in its PHP include/require handling that allows attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this vulnerability to access sensitive configuration files, credentials, and other protected data without authentication. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22374 HIGH This Week

AncoraThemes Zio Alberto through version 1.2.2 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this issue.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22373 HIGH This Week

PHP Local File Inclusion in AncoraThemes Fooddy through version 1.3.10 enables attackers to read arbitrary files on the server through improper input validation in file inclusion mechanisms. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive files and potentially execute arbitrary code, achieving high impact on confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22372 HIGH This Week

AncoraThemes Isida through version 1.4.2 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive files and potentially execute arbitrary code. No patch is currently available, and exploitation requires moderate complexity conditions.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22371 HIGH This Week

AncoraThemes Gustavo plugin version 1.2.2 and earlier contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. With no available patch, affected sites running vulnerable versions face significant risk of information disclosure.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22370 HIGH This Week

Axiomthemes Marveland versions up to 1.3.0 contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. An attacker can exploit this weakness over the network without user interaction to disclose sensitive information or potentially execute arbitrary code. No patch is currently available.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22369 HIGH This Week

Local file inclusion in AncoraThemes Ironfit through version 1.5 enables unauthenticated attackers to read arbitrary files from the server through improper handling of file inclusion parameters. The vulnerability grants high-impact access to sensitive data and potential system compromise without authentication or user interaction required. No patch is currently available for affected installations.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22368 HIGH This Week

Local file inclusion in Axiomthemes Redy versions up to 1.0.2 allows unauthenticated attackers to read arbitrary files from the affected server by manipulating include/require statements. An attacker can exploit this vulnerability over the network to disclose sensitive information such as configuration files or source code. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22367 HIGH This Week

AncoraThemes Coworking plugin through version 1.6.1 contains a local file inclusion vulnerability in its PHP file handling that could allow attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit improper input validation on filename parameters to access sensitive system files and potentially execute arbitrary code. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22366 HIGH This Week

Axiomthemes Jude through version 1.3.0 contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability requires specific conditions to be met (high complexity) but results in complete compromise of confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22365 HIGH This Week

PHP Remote File Inclusion in Soleng WordPress theme.

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22364 HIGH This Week

Improper file inclusion validation in axiomthemes SevenTrees PHP plugin versions 1.0.2 and earlier enables unauthenticated attackers to include and execute arbitrary local files through remote requests. This remote file inclusion vulnerability allows attackers to execute malicious PHP code with full system privileges. Currently no patch is available and the vulnerability has low exploit probability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22363 HIGH This Week

Axiom Themes Rhodos through version 1.3.3 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The improper validation of include/require statements enables attackers to access sensitive application data and configuration files without authentication. Currently no patch is available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22362 HIGH This Week

Axiomthemes Photolia through version 1.0.3 contains a local file inclusion vulnerability in its PHP include/require handling that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this weakness over the network to access sensitive information without user interaction. No patch is currently available, making this a high-severity risk for active installations of this theme.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22361 HIGH This Week

PHP Local File Inclusion in axiomthemes A-Mart versions up to 1.0.2 enables unauthenticated remote attackers to read arbitrary files from the server through improper handling of include/require statements. An attacker can leverage this vulnerability to disclose sensitive configuration files, source code, or other confidential data accessible to the web server process. No patch is currently available for this vulnerability.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22344 HIGH This Week

Mikado-Themes FiveStar plugin through version 1.7 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to access sensitive configuration files and other protected resources. No patch is currently available, though exploitation requires specific conditions to be met.

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69410 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue affects Belletrist: from n/a through <= 1.2. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69409 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/a through <= 3.0.0. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69408 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through <= 1.0.1. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69407 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through <= 2.5.1. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69406 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through <= 1.1.7. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69402 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX R&F rf allows PHP Local File Inclusion.This issue affects R&F: from n/a through <= 1.5. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69400 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through <= 1.1.11. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69399 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Cobble cobble allows PHP Local File Inclusion.This issue affects Cobble: from n/a through <= 1.7. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69398 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through <= 1.7. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69397 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through <= 1.7. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69396 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a through <= 1.23. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69395 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gable gable allows PHP Local File Inclusion.This issue affects Gable: from n/a through <= 1.5. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69375 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5. [CVSS 8.1 HIGH]

WordPress PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69374 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog - Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog - Elementor Blog And Magazine Addons: from n/a through <= 2.0.3. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69322 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68543 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68539 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68536 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67992 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67988 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67982 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67981 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67980 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17. [CVSS 8.1 HIGH]

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-60087 HIGH This Week

Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon is affected by php remote file inclusion (CVSS 8.1).

PHP LFI
NVD
CVSS 3.1
8.1
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy