78 matches found
BIT-PHP-MIN-2026-6735 XSS within PHP-FPM status endpoint
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitization of user data, it allows an attacker to compose a URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
PT-2026-40310
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, the DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter an infinite loop, causing denial ...
OPENSUSE-SU-2026:10747-1 php8-8.5.6-1.1 on GA media
These are all security issues fixed in the php8-8.5.6-1.1 package on the GA media of openSUSE Tumbleweed...
UBUNTU-CVE-2026-6735
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitization of user data, it allows an attacker to compose a URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
PHP Buffer Error Vulnerability
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained a buffer error vulnerability. This vulnerability arises when a code name containing a NUL byte is passed to the mb_convert_encoding or related mbstring functions. The code...
PHP 8.5.x < 8.5.6 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.5.6 advisory. - uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabyte...
CVE-2025-2274
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS. This issue affects Web Security through 8.5.6...
CVE-2025-2274
The CVE-2025-2274 entry describes a Stored Cross-Site Scripting (XSS) issue in Forcepoint Web Security (On-Prem) for Windows, caused by improper input neutralization during web page generation. Affects Forcepoint Web Security through version 8.5.6; no explicit exploit details are provided. CVSSv4...
CVE-2025-2274 Stored Cross Site Scripting in Forcepoint Web Security
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS. This issue affects Web Security through 8.5.6...
CVE-2021-22966
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group...
CVE-2025-64250
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing. This issue affects Directorist: from n/a through <= 8.6.6...
CVE-2025-64250 WordPress Directorist plugin <= 8.6.6 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing. This issue affects Directorist: from n/a through <= 8.6.6...
PT-2025-51398
Name of the Vulnerable Software and Affected Versions: Directorist versions through 8.5.6. Description: An open redirect issue exists in wpWax Directorist, potentially enabling phishing attacks. The vulnerability allows redirection to untrusted sites. Recommendations: Update Directorist to a version...
EUVD-2023-44773
Malicious code in bioql PyPI...
EUVD-2024-16689
Malicious code in bioql PyPI...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-36099)
Summary: IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixe...
VulnCheck KEV: CVE-2020-7136
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at...
CVE-2024-6133
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-21117
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...