[SECURITY] Fedora 44 Update: php-8.5.6-1.fc44

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora 44 : php (2026-c66eaae759)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c66eaae759 advisory. PHP version 8.5.6 07 May 2026 Core: Fixed bug GH-19983 GC assertion failure with fibers, generators and destructors. iliaal Fixed ZENDAPI mismatch o...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: php: php-8.5.6-1.hum1 aarch64, x8664 php-bcmath-8.5.6-1.hum1 aarch64, x8664 php-cli-8.5.6-1.hum1 aarch64, x8664 php-common-8.5.6-1.hum1 aarch64, x8664 php-dba-8.5.6-1.hum1 aarch64, x8664...

CVE-2026-22761

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

CVE-2026-22761

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

CVE-2026-22761

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

CVE-2026-26942

Dell PowerProtect Data Domain versions 8.5–8.6 are affected by CVE-2026-26942, an OS command injection vulnerability caused by improper neutralization of special elements. The issue could allow a high-privileged attacker with remote access to execute arbitrary commands with root privileges. Affec...

CVE-2026-24505

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

CVE-2025-2274

Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS.This issue affects Web Security through 8.5.6...

EUVD-2025-208729

Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS.This issue affects Web Security through 8.5.6...

CVE-2025-2274 Stored Cross Site Scripting in Forcepoint Web Security

Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS.This issue affects Web Security through 8.5.6...

Forcepoint Web Security 安全漏洞

Forcepoint Web Security is a security platform developed by the US company Forcepoint. It provides robust protection through content-aware defense and cloud-based application discovery and monitoring. There are security vulnerabilities in Forcepoint Web Security versions 8.5.6 and earlier, which...

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via setstarred vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

CVE-2021-2218

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Health Center. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpris...

CVE-2025-64250

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in wpWax Directorist directorist allows Phishing.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

CVE-2024-1130

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVE-2023-38561

Improper access control in some IntelR XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-38565

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges...

CVE-2021-22968

A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...