CVE-2026-8131

SourceCodester SUP Online Shopping 1.0 contains a SQL injection in /admin/replymsg.php via the msgid parameter. The affected component is a server-side PHP script handling admin replies. Exploitation is remote and the vulnerability is evidenced by publicly released exploits; CVSS data indicate a ...

SUSE CVE-2014-2027

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the 1 addrfields or 2 trans parameter to addressbook/csvimport.php, 3 calfields or 4 trans parameter to calendar/csvimport.php, 5...

CVE-2026-8126 SourceCodester Comment System post_comment.php sql injection

A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...

EUVD-2026-28475

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

1C-Bitrix 安全漏洞

1C-Bitrix is a website platform system developed by the Russian company 1C-Bitrix. It integrates content management, e-commerce, and enterprise portal functions. Versions of 1C-Bitrix 25.100.500 and earlier contained security vulnerabilities. These vulnerabilities stemmed from users with the RIGH...

PT-2026-38644

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection is possible via an unknown function within the '/admin/viewmsg.php' file. The issue occurs when the msgid argument is manipulated, allowing an attacker to...

Linux Distros Unpatched Vulnerability : CVE-2026-7262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding...

Debian dsa-6255 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6255 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6255-1 [email protected] https://www.debian.org/securit...

Debian dsa-6256 : libapache2-mod-php8.4 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6256 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6256-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-7258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctyp...

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

emlog 跨站请求伪造漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection in critical management functions, which could allow attackers to trick...

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

Linux Distros Unpatched Vulnerability : CVE-2025-14179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when...

Linux Distros Unpatched Vulnerability : CVE-2026-6722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores...

Slackware Linux 15.0 / current php82 Multiple Vulnerabilities (SSA:2026-127-03)

The version of php82 installed on the remote host is prior to 8.2.31 / 8.4.21. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-127-03 advisory. New php packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-7259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads...

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...