Security Vulnerabilities
- CVEs Published In December 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Smash smash allows PHP Local File Inclusion.This issue affects Smash: from n/a through <= 1.7.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catwalk catwalk allows PHP Local File Inclusion.This issue affects Catwalk: from n/a through <= 1.4.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Plan My Day planmyday allows PHP Local File Inclusion.This issue affects Plan My Day: from n/a through <= 1.1.13.
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
Memory corruption while loading an invalid firmware in boot loader.
Memory Corruption when processing IOCTLs for JPEG data without verification.
Memory corruption while processing MFC channel configuration during music playback.
Memory corruption while copying packets received from unix clients.