Lucene search
+L

718 matches found

nuclei
nuclei
added 11 hours ago30 views

Apache2 - Transfer-Encoding Chunked XSS

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...

6.1CVSS6.7AI score0.04103EPSS
Exploits1References5
euvd
euvd
added yesterday4 views

EUVD-2026-44723

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS6AI score0.00079EPSS
Exploits0References9
cvelist
cvelist
added yesterday28 views

CVE-2026-45793 Composer: Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS0.00079EPSS
Exploits0References9
nessus
nessus
added 6 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-59856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References4
nvd
nvd
added 2026/07/09 2:16 p.m.8 views

CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

9.8CVSS0.0038EPSS
Exploits0References3
osv
osv
added 2026/07/08 8:16 p.m.3 views

UBUNTU-CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6.1AI score0.00132EPSS
Exploits0References3
redhat
redhat
added 2026/06/30 11:12 a.m.8 views

php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

A flaw was found in PHP. When an attacker input can influence the encoding passed to mbregexencoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...

6.5CVSS6.5AI score0.00202EPSS
Exploits0References5
redhat
redhat
added 2026/06/30 11:12 a.m.8 views

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References5
rocky
rocky
added 2026/06/06 12:4 p.m.27 views

php security update

An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

8.8CVSS5.5AI score0.0078EPSS
Exploits1
nessus
nessus
added 2026/06/06 12:0 a.m.10 views

RHEL 10 : php (RHSA-2026:23388)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23388 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...

8.8CVSS5.7AI score0.0078EPSS
Exploits1References13
rocky
rocky
added 2026/06/05 12:4 p.m.16 views

php8.4 security update

An update is available for php8.4. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language. PHP attempts to make it easy for...

9.1CVSS5.7AI score0.0078EPSS
Exploits1
redhat
redhat
added 2026/06/04 4:15 p.m.13 views

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References5
euvd
euvd
added 2026/06/02 12:41 p.m.17 views

EUVD-2026-33916

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
redhat
redhat
added 2026/06/01 11:21 a.m.25 views

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References5
osv
osv
added 2026/06/01 6:3 a.m.15 views

RLSA-2026:22142 Important: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

7.5CVSS5.9AI score0.0078EPSS
Exploits1References5
packetstormnews
packetstormnews
added 2026/06/01 12:0 a.m.64 views

Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

5.8AI score
Exploits0
nessus
nessus
added 2026/06/01 12:0 a.m.11 views

RockyLinux 8 : php:8.2 (RLSA-2026:22305)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22305 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

8.8CVSS6AI score0.0078EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/05/30 12:0 a.m.17 views

PT-2026-45112

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute...

9.8CVSS6.4AI score0.00771EPSS
Exploits1References6
nessus
nessus
added 2026/05/29 12:0 a.m.14 views

SUSE SLES15 Security Update : php7 (SUSE-SU-2026:2091-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2091-1 advisory. This update for php7 fixes the following issues - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code...

9.8CVSS6.5AI score0.0078EPSS
Exploits1References19
redhatcve
redhatcve
added 2026/05/26 2:41 p.m.17 views

CVE-2026-7568

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References4
Rows per page
Query Builder