Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98

CVE-2026-25381 HIGH

WordPress LoveDate theme < 3.8.6 - Local File Inclusion vulnerability

CVE-2026-25380 HIGH

WordPress Feedy theme < 2.1.5 - Local File Inclusion vulnerability

CVE-2026-25379 HIGH

WordPress StreamVid theme < 6.8.6 - Local File Inclusion vulnerability

CVE-2026-25017 HIGH

WordPress NaturaLife Extensions plugin <= 2.1 - Local File Inclusion vulnerability

CVE-2026-22516 HIGH

WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability

CVE-2026-22515 HIGH

WordPress VegaDays theme <= 1.2.0 - Local File Inclusion vulnerability

CVE-2026-22514 HIGH

WordPress Unica theme <= 1.4.1 - Local File Inclusion vulnerability

CVE-2026-22513 HIGH

WordPress Triompher theme <= 1.1.0 - Local File Inclusion vulnerability

CVE-2026-22512 HIGH

WordPress Roisin theme <= 1.2.1 - Local File Inclusion vulnerability

CVE-2026-22511 HIGH

WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability

CVE-2026-22509 HIGH

WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability

CVE-2026-22508 HIGH

WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability

CVE-2026-22506 HIGH

WordPress Amoli theme <= 1.0 - Local File Inclusion vulnerability

CVE-2026-22504 HIGH

WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

CVE-2026-22503 HIGH

WordPress Nelson theme <= 1.2.0 - Local File Inclusion vulnerability

CVE-2026-22502 HIGH

WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

CVE-2026-22499 HIGH

WordPress Lella theme <= 1.2 - Local File Inclusion vulnerability

CVE-2026-22498 HIGH

WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability

CVE-2026-22496 HIGH

WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability

CVE-2026-22495 HIGH

WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability

CVE-2026-22494 HIGH

WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

CVE-2026-22493 HIGH

WordPress Gaspard theme <= 1.3 - Local File Inclusion vulnerability

CVE-2026-33513 HIGH

AVideo <=26.0 API locale - Unauthenticated Local File Inclusion

CVE-2026-33130 MEDIUM

Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)

CVE-2026-22324 HIGH

WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability

Previous Page 3 of 46 Next

Details

Vulnerabilities 1,149

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy