Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, kaf, spire-controller-manager, ctop, postgres-operator, gatekeeper, cluster-api-ipam-provider-in-cluster, crossplane-provider-aws-kms, gitaly, telegraf, kserve, octo-sts, crossplane-provider-aws-kinesis, kafka-proxy, apache-exporter,...

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, kaf, spire-controller-manager, ctop, postgres-operator, gatekeeper, cluster-api-ipam-provider-in-cluster, crossplane-provider-aws-kms, gitaly, telegraf, kserve, octo-sts, crossplane-provider-aws-kinesis, kafka-proxy, apache-exporter,...

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, kaf, spire-controller-manager, ctop, postgres-operator, gatekeeper, cluster-api-ipam-provider-in-cluster, crossplane-provider-aws-kms, gitaly, telegraf, kserve, octo-sts, crossplane-provider-aws-kinesis, kafka-proxy, xcaddy, apache-exporter,...

WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Love Story versions = 1.3.12...

WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Work & Travel Company versions = 1.2...

WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Buisson versions = 1.1.11...

WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin TotalContest Lite versions = 2.9.1...

RHSA-2026:4086 Red Hat Security Advisory: php security update

Bulletin has no description...

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey prior to 6.15.0+250623 had security vulnerabilities, which...

CVE-2026-3763

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVE-2026-3764

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...

SPIP Saisies Plugin Unauthenticated RCE

This module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin CVE-2025-71243. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requir...

Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Melody versions = 1.6.3...

WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Beelove versions = 1.2.6...

CVE-2025-40639

CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...

CVE-2025-40639

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...