CVE-2026-44239

Affected software : FreePBX Dashboard module (Dashboard getcontent AJAX handler). Vulnerability : Prior to 16.0.22 and 17.0.5, the handler includes PHP files based on unsanitized user input, concatenating $_REQUEST['rawname'] into an include() call with a .class.php suffix. This enables path trav...

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

EUVD-2026-33286

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

CVE-2025-11993 WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP Object Injection

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

EUVD-2025-209981

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

Cockpit CMS 0.6.1 - Remote Code Execution

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. id: CVE-2020-35131 info: name: Cockpit CMS 0.6.1 ...

PT-2026-44877

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick lat and tick lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

PT-2026-44901

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

CVE-2026-36324

SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...

SUSE SLES15 Security Update : php7 (SUSE-SU-2026:2091-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2091-1 advisory. This update for php7 fixes the following issues - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code...

PT-2026-44879

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever graph.php with crafted SQL payloads to extract sensitive databa...

PT-2026-44882

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket id parameter. Attackers can send GET requests to add facnote.php with crafted SQL payloads to extract sensitive...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...

PT-2026-44866

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi foto.php, aksi user.php, and aksi kecamatan.php to execute arbitra...

📄 MixPHP Framework 2.2.17 Deserialization / Arbitrary Code Execution

MixPHP Framework versions 2.x through 2.2.17 suffer from an insecure deserialization vulnerability that allows for remote code execution. Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage:...

PT-2026-44871

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate download.php with path traversal payloads ../../../cfg/globals.php to...