Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/22 8:32 p.m.25 views

CVE-2026-45034 PhpSpreadsheet: File::prohibitWrappers bypass

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as...

9.2CVSS0.00351EPSS
Exploits2References1
CVE
CVE
added 2026/06/22 8:32 p.m.82 views

CVE-2026-45034

Summary: PhpSpreadsheet before 1.30.5 contains a bypass in File::prohibitWrappers that can be exploited via phar:// wrapper paths (e.g., phar:///path/file.phar/inner). When input contains three or more slashes after the scheme, parse_url can return false, skipping the check and allowing phar wrap...

9.2CVSS5.9AI score0.00351EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.17 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS6AI score0.00539EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.6 views

WordPress plugin Theme Editor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Theme Edit...

7.2CVSS7AI score0.0074EPSS
Exploits0References4
Rows per page
Query Builder