Lucene search
K

99 matches found

OSV
OSV
added 2026/02/03 7:16 p.m.5 views

UBUNTU-CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.8CVSS5.8AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 7:16 p.m.2 views

UBUNTU-CVE-2026-25234

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

9.8CVSS5.8AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 6:31 p.m.2 views

CVE-2026-25241 PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.3CVSS6.1AI score0.00413EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 6:31 p.m.29 views

CVE-2026-25241 PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.3CVSS0.00413EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:31 p.m.3 views

CVE-2026-25241

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.3CVSS6.1AI score0.00413EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/03 6:31 p.m.6 views

CVE-2026-25241 PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.3CVSS6.1AI score0.00413EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:31 p.m.5 views

CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 6:31 p.m.30 views

CVE-2026-25240 PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

6.9CVSS0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:31 p.m.10 views

EUVD-2026-5195

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 6:31 p.m.2 views

CVE-2026-25240 PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 6:30 p.m.5 views

CVE-2026-25239 PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.6AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:30 p.m.16 views

CVE-2026-25239

CVE-2026-25239 affects PEAR prior to version 1.33.0, where a SQL injection vulnerability exists in the apidoc queue insertion that could allow query manipulation if an attacker can influence the inserted filename value. The issue has been patched in version 1.33.0. Connected sources (Red Hat, NVD...

8.2CVSS5.6AI score0.00214EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/03 6:30 p.m.7 views

EUVD-2026-5196

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.6AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:30 p.m.4 views

CVE-2026-25239

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.6AI score0.00214EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 6:30 p.m.30 views

CVE-2026-25239 PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:30 p.m.7 views

CVE-2026-25239 PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.6AI score0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 6:30 p.m.2 views

CVE-2026-25238 PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2CVSS5.6AI score0.00266EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:30 p.m.4 views

CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2CVSS5.6AI score0.00266EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 6:30 p.m.29 views

CVE-2026-25238 PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2CVSS0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:30 p.m.8 views

CVE-2026-25238 PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2CVSS5.6AI score0.00266EPSS
Exploits0References3
Rows per page
Query Builder