Lucene search
+L

99 matches found

NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2026-25241

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.8CVSS0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.10 views

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.8CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.15 views

CVE-2026-25234

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

9.8CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.13 views

CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

9.1CVSS0.00314EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.10 views

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.8CVSS6AI score0.00395EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.5 views

CVE-2026-25236

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

9.8CVSS5.7AI score0.00266EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.4 views

CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

9.8CVSS5.6AI score0.00266EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 7:16 p.m.5 views

UBUNTU-CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

9.1CVSS5.7AI score0.00314EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 7:16 p.m.5 views

UBUNTU-CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.8CVSS6.1AI score0.00395EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 7:16 p.m.16 views

UBUNTU-CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.8CVSS5.8AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 7:16 p.m.5 views

UBUNTU-CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

9.8CVSS5.8AI score0.00266EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.6 views

CVE-2026-25239

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.5AI score0.00214EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.5 views

CVE-2026-25234

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

9.8CVSS5.6AI score0.00252EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.6 views

CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.8CVSS5.6AI score0.00266EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.4 views

CVE-2026-25241

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.8CVSS5.7AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 7:16 p.m.4 views

UBUNTU-CVE-2026-25236

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

9.8CVSS5.8AI score0.00266EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.3 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.4 views

CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

9.1CVSS5.4AI score0.00314EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 7:16 p.m.23 views

UBUNTU-CVE-2026-25234

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

9.8CVSS5.8AI score0.00252EPSS
Exploits0References3
Rows per page
Query Builder