Lucene search
K

99 matches found

Cvelist
Cvelist
added 2026/02/03 6:29 p.m.33 views

CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2CVSS0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.4 views

CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2CVSS6AI score0.00395EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:29 p.m.15 views

CVE-2026-25237

CVE-2026-25237 affects the PEAR framework. Prior to version 1.33.0, handling of bug update emails using preg_replace() with the /e modifier can lead to PHP code execution when attacker-controlled content is evaluated. The issue has been fixed in PEAR version 1.33.0. Based on connected documents, ...

9.8CVSS6AI score0.00395EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/03 6:29 p.m.17 views

EUVD-2026-5198

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2CVSS6AI score0.00395EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.7 views

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2CVSS6AI score0.00395EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/03 6:29 p.m.7 views

CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2CVSS6AI score0.00395EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.4 views

CVE-2026-25236

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.30 views

CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.5 views

EUVD-2026-5199

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.7 views

CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2026/02/03 6:29 p.m.19 views

CVE-2026-25235

CVE-2026-25235 affects PEAR (PHP components framework). Before version 1.33.0, predictable verification hashes could allow an attacker to guess verification tokens and potentially verify election account requests without authorization. The issue has been patched in version 1.33.0. Affected scope ...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.33 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.6 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.6 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.4AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.34 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS0.00252EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25234

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.3 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.2 views

EUVD-2026-5201

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder