Lucene search
K

970 matches found

CVE
CVE
added 2026/02/03 6:29 p.m.20 views

CVE-2026-25235

CVE-2026-25235 affects PEAR (PHP components framework). Before version 1.33.0, predictable verification hashes could allow an attacker to guess verification tokens and potentially verify election account requests without authorization. The issue has been patched in version 1.33.0. Affected scope ...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.35 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.4AI score0.0025EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.6 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.6 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.35 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:29 p.m.17 views

CVE-2026-25234

PEAR (PHP components framework) before version 1.33.0 is vulnerable to a SQL injection in the category deletion operation when an attacker can access the category manager workflow. The root cause is unsafely handling the category id in this workflow, enabling SQL injection. The issue has been fix...

9.8CVSS5.7AI score0.00252EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25234

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.3 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/03 6:29 p.m.2 views

EUVD-2026-5201

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.5 views

EUVD-2026-5202

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.3AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.25 views

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS0.00314EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.4 views

CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.3AI score0.00314EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.4AI score0.00314EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.2 views

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.3AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:29 p.m.16 views

CVE-2026-25233

PEAR framework (PHP) is affected by a logic bug in the roadmap role check that allowed non-lead maintainers to create, update, or delete roadmaps. The issue is caused by an operator precedence/authorization flaw and has been patched in version 1.33.0. Red Hat/Ubuntu/NVD references describe the sa...

9.1CVSS5.3AI score0.00314EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6284

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.4AI score0.0025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6288

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.7AI score0.00214EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

pearweb SQL注入漏洞

PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from the category deletion process, where an SQL injection could be exploited by attackers through the use of category I...

9.8CVSS5.8AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder