Lucene search
K

26 matches found

EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42582

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/15 6:7 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the FileSystemTicketStore process. An attacker can read and unserialize files outside the intended directory, and conditionally delete files, by supplying crafted path traversal sequences in public CAS validation...

8.8CVSS6.3AI score0.00422EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.18 views

PHP SQL注入漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 have a SQL injection vulnerability. This vulnerability stems from the improper handling of NUL bytes by the PDO Firebird driver when processing SQL queries, which can...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 12:0 a.m.9 views

EUVD-2021-23041

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...

5.7AI score0.00215EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/26 10:37 a.m.3 views

php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement

A flaw was found in PHP. When the PDO PHP Data Objects PostgreSQL driver is configured with PDO::ATTREMULATEPREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...

8.2CVSS5.8AI score0.00573EPSS
Exploits2References5
OSV
OSV
added 2026/01/09 2:6 p.m.4 views

OESA-2026-1024 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS7.1AI score0.00573EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.13 views

CVE-2023-4314

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in...

7.2CVSS8.1AI score0.01262EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:27 p.m.9 views

CVE-2018-12421

LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...

9.8CVSS7AI score0.02759EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 11:48 a.m.7 views

BIT-PHP-2025-14180 NULL Pointer Dereference in PDO quoting

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS6.8AI score0.00573EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2025/12/27 7:21 p.m.4 views

CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS6.5AI score0.00573EPSS
Exploits2
OSV
OSV
added 2025/12/27 9:4 a.m.27 views

RLSA-2023:2903 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

8.1CVSS9.4AI score0.49336EPSS
Exploits7References7
Mageia
Mageia
added 2025/12/21 4:11 a.m.12 views

Updated php packages fix security vulnerabilities

Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...

8.2CVSS7.5AI score0.00573EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-31626

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to...

8.8CVSS9.1AI score0.5838EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32870

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are...

5.8CVSS5.7AI score0.00731EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/23 12:43 p.m.6 views

CVE-2025-39480 WordPress Car Dealer theme < 1.6.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection.This issue affects Car Dealer: from n/a before 1.6.8...

9.8CVSS7.3AI score0.00503EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.5 views

The vulnerability of the PDO::quote function in the ext/pdo_sqlite/sqlite_driver.c component of the PHP programming language is related to integer overflow. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the PDO::quote function in the ext/pdosqlite/sqlitedriver.c component of the PHP programming language is related to integer overflow. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

6.9CVSS7.1AI score0.02154EPSS
Exploits0References8Affected Software4
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.3 views

SUSE CVE-2012-3450

pdosqlparser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted paramet...

2.6CVSS6.4AI score0.11178EPSS
Exploits0References3
OSV
OSV
added 2022/03/25 6:50 p.m.8 views

CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...

6.1CVSS5.8AI score0.00557EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.21 views

SOURCEFORGE Adminer 跨站脚本漏洞

SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. Provides database management in a single PHP file. A security vulnerability exists in Adminer versions 4.6.1 through 4.8.0, which stems from Adminer's use of the pdo extension to communicate with the database, and...

7.5CVSS5.6AI score0.09572EPSS
Exploits1References5
CNVD
CNVD
added 2019/03/11 12:0 a.m.2 views

PHP Unauthorized Data Access Vulnerability

PHP is a general-purpose open source scripting language. The syntax absorbs the characteristics of the C language , Java and Perl , easy to learn , widely used , mainly in the field of Web development . PHP has an unauthorized data access vulnerability. The vulnerability stems from the way the fi...

7.5CVSS9.1AI score0.07347EPSS
Exploits0References1
Rows per page
Query Builder