37 matches found
CVE-2026-5261
Affected product: Shandong Hoteam InforCenter PLM up to version 8.3.8. Vulnerable component: the function uploadFileToIIS in /Base/BaseHandler.ashx. Root cause: manipulation of the File argument enables unrestricted upload, enabling remote exploitation. Public exploit exists. No remediation detai...
EUVD-2026-15544
Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection. This issue affects WoodMart: from n/a through <= 8.3.8...
WordPress plugin WoodMart code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-67958
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8...
CVE-2025-67958 WordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8...
PT-2026-4038
Name of the Vulnerable Software and Affected Versions: TaxCloud for WooCommerce versions through 8.3.8 Description: An authorization issue exists in TaxCloud for WooCommerce simple-sales-tax, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update...
EUVD-2022-52594
Malicious code in bioql PyPI...
php: Filter bypass in filter_var (FILTER_VALIDATE_URL)
A flaw was found in PHP. An early return in the filter_var (FILTER_VALIDATE_URL) function results in invalid user information (username + password part of URLs) being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filter_var...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1.* before 8.1.29, and 8.2.* before 8.2.20, and 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var, when validating URLs using FILTER_VALIDATE_URL, will result in invalid user information such as username and password parts of URLs being treated as val...
PHP OS command injection vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.29, prior to 8.2.20, and prior to 8.3.8, which stems from a misconfiguration when using a Windows code page with a non-standard configuration that points to the OEM...
PT-2024-38419 · WordPress · File Manager Pro
Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.7 Description: The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk file...
GLSA-202408-32 : PHP: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-32 PHP: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...
CVE-2022-31627 affecting package php for versions less than 8.3.8-1
CVE-2022-31627 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-1874 affecting package php for versions less than 8.3.8-1
CVE-2024-1874 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-5585 affecting package php for versions less than 8.3.8-1
CVE-2024-5585 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
Exploit Title: PHP Windows Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://www.php.net/downloads.php Version: PHP 8.3, ',...
Fedora 40 : php (2024-49aba7b305)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49aba7b305 advisory. PHP version 8.3.8 (06 Jun 2024) CGI: Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) Fixed bug GHSA-3qgc-jrrr-25jv...
Vulnerabilities fixed in PHP
Vulnerabilities have been fixed in PHP. An attacker could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability identified as CVE-2024-4577 is actually a recurrence of the vulnerability identified as CVE-2012-1823. This vulnerability allows th...
AZL-42438 CVE-2024-5458 affecting package php for versions less than 8.3.8-1
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...