Lucene search
K

129 matches found

CVE
CVE
added 9 hours ago8 views

CVE-2026-12116

CVE-2026-12116 affects Xerte Online Toolkits. The vulnerability allows remote code execution by editing the antivirus binary path in the tools server configuration to point to a PHP interpreter, causing any uploaded PHP data to execute. Affected product: Xerte Online Toolkits (open‑source e‑learn...

9.8CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-42582

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

9.8CVSS5.9AI score
Exploits0References3
CERT
CERT
added 22 hours ago3 views

Xerte Online Toolkit contains an authentication bypass that allows for RCE

Overview Two vulnerabilities have been discovered in Xerte Online Toolkits, an open-source e-learning authoring toolsuite intended for the creation of learning materials within a web browser. CVE-2026-14261 tracks the persistence of the /setup/ directory after installation, which allows an...

9.8CVSS6.6AI score
Exploits0References5
Redos
Redos
added 2025/08/22 12:0 a.m.10 views

ROS-20250822-23

A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks A vulnerability in t...

7.5CVSS7AI score0.00953EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.5 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...

9.8CVSS9.4AI score0.99134EPSS
Exploits14References1
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.11 views

The vulnerabilities of the functions php_libxml_input_buffer_create_filename() and php_libxml_sniff_charset_from_stream() in the PHP interpreter allow a hacker to redirect users to any desired URL address.

The vulnerabilities of the functions phplibxmlinputbuffercreatefilename and phplibxmlsniffcharsetfromstream in the PHP interpreter are related to the use of open redirection. Exploiting these vulnerabilities could allow a malicious actor to redirect users to any desired URL address...

4CVSS6.5AI score0.00718EPSS
Exploits1References12Affected Software3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2017-11144

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing...

7.5CVSS6.9AI score0.06164EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/02 12:0 a.m.5 views

The vulnerability of the convert.quoted-printable-decode filter in the PHP programming language interpreter allows a hacker to trigger a service failure.

The vulnerability of the convert.quoted-printable-decode filter in the PHP programming language interpreter is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

4.8CVSS6.2AI score0.01618EPSS
Exploits1References12Affected Software4
Redos
Redos
added 2024/10/15 12:0 a.m.13 views

ROS-20241015-14

A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...

8.8CVSS7.8AI score0.03686EPSS
Exploits68
Redos
Redos
added 2024/10/15 12:0 a.m.20 views

ROS-20241015-11

A vulnerability in the PHP programming language interpreter exists due to a failure to neutralize special elements. special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...

8.8CVSS7.5AI score0.03686EPSS
Exploits68
F5 Networks
F5 Networks
added 2024/10/07 3:15 a.m.31 views

K000141355: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...

8.8CVSS9.2AI score0.13314EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 2024/10/02 12:0 a.m.5 views

The vulnerability of the PHP programming language interpreter arises from the failure to address the issue of eliminating special elements that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the PHP programming language interpreter exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS6.8AI score0.03686EPSS
Exploits65References9Affected Software3
Redos
Redos
added 2024/08/16 12:0 a.m.39 views

ROS-20240816-10

A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. as a result of replacing spaces, periods and open square brackets with underscores. Exploitation...

6.5CVSS7.3AI score0.3786EPSS
Exploits0
Redos
Redos
added 2024/08/16 12:0 a.m.38 views

ROS-20240816-16

A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...

9.8CVSS8.2AI score0.99987EPSS
Exploits66
Redos
Redos
added 2024/08/16 12:0 a.m.64 views

ROS-20240816-11

A vulnerability in the procopen function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used by the operating system. to neutralize special elements used in the operating system command. Exploitation exploitation of the...

9.8CVSS8.1AI score0.99987EPSS
Exploits66
Redos
Redos
added 2024/07/30 12:0 a.m.24 views

ROS-20240730-07

A vulnerability in the PHP interpreter is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to install a standard, unsafe cookie in the victim's browser. insecure cookie...

6.5CVSS7.1AI score0.49336EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.7 views

The vulnerability of the phar_dir_read() function in the PHP interpreter allows a hacker to execute arbitrary code.

The vulnerability of the phardirread function in the PHP interpreter arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.08003EPSS
Exploits3References10Affected Software6
BDU FSTEC
BDU FSTEC
added 2023/08/31 12:0 a.m.6 views

Vulnerability of PHP, C++, Swift, and Node.js drivers of the MongoDB database management system, related to the exposure of protected information, allowing attackers to gain unauthorized access to protected information.

Vulnerabilities in PHP, C++, Swift, and Node.js drivers of the MongoDB database management system, as well as the PHP programming language interpreter, can lead to the exposure of protected information. Exploiting these vulnerabilities can allow attackers to gain unauthorized access to protected...

4.6CVSS6.6AI score0.00492EPSS
Exploits0References9Affected Software6
Metasploit
Metasploit
added 2023/03/17 7:52 p.m.311 views

Open Web Analytics 1.7.3 - Remote Code Execution (RCE)

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ' use exploit/multi/http/openwebanalyticsrce msf...

9.8CVSS8.6AI score0.99134EPSS
Exploits14
NVD
NVD
added 2022/11/09 7:15 a.m.35 views

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDENUPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

9.8CVSS0.02555EPSS
Exploits3References4
Rows per page
Query Builder