Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can e
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the s
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of t
Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin
CVE-2025-68645
HIGH CVSS 8.8 KEV
Find Similar
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilt
A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files a
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory t
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in
Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's
Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to incl
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlle
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler.
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attack
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings b
CVE-2025-52816
CRITICAL CVSS 9.8
Find Similar
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: fr
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary
Page 1+ Next →