7 matches found
CVE-2025-14476 Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated...
PT-2025-51078
Name of the Vulnerable Software and Affected Versions: Doubly – Cross Domain Copy Paste for WordPress plugin versions up to and including 1.0.46. Description: The Doubly – Cross Domain Copy Paste for WordPress plugin is susceptible to PHP Object Injection. This occurs through the deserialization of...
CVE-2025-12844
CVE-2025-12844 affects the WordPress plugin AI Engine (versions up to and including 3.1.8). It describes a PHP Object Injection via PHAR deserialization in rest_simpleTranscribeAudio and rest_simpleVisionQuery. Impact is limited unless a property-oriented programming (POP) chain exists in another plugin/t...
CVE-2025-8871
CVE-2025-8871: Everest Forms Pro for WordPress (≤1.9.7) is vulnerable to unauthenticated PHP Object Injection via PHAR deserialization in mime_content_type(). Attackers can inject a PHP object when a form with a non-required signature field and image upload is present. No POP chain is in the core...
DEBIAN-CVE-2023-28115
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists() function. If an attacker can upload files of any...
CVE-2022-4237
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...
PortlandLabs Concrete Cms code issue vulnerability
Concrete CMS is an open source content management system for teams. Concrete CMS 8.5.5 and earlier versions are vulnerable to arbitrary file deletion. An attacker could exploit the vulnerability to delete arbitrary files via PHAR deserialization in is_dir...