CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

CVE-2026-10273

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

7.5CVSS5.4AI score0.0102EPSS

Exploits0References1

NVD•added 3 days ago•5 views

CVE-2026-10273

7.5CVSS0.0102EPSS

Exploits0References8

EUVD•added 3 days ago•6 views

EUVD-2026-33667

7.5CVSS6.6AI score0.0102EPSS

Exploits0References8

CVE•added 3 days ago•8 views

CVE-2026-10273

Affected software: php-censor (up to 2.1.6). The vulnerability is in the Webhook Endpoint, specifically the file src/Model/Build/GitBuild.php, where manipulating the commitId argument can lead to operating system command injection. Impact is remote: attacker can exploit over the network. The expl...

7.5CVSS6.6AI score0.0102EPSS

Exploits0References8

CNNVD•added 3 days ago•3 views

php-censor: Operating system command injection vulnerability

php-censor is a continuous integration server for the open-source PHP project PHP Censor. Versions of php-censor 2.1.6 and earlier contain an operating system command injection vulnerability. This vulnerability stems from incorrect handling of the commitId parameter in the file...

7.5CVSS7.1AI score0.0102EPSS

Exploits0References8

Positive Technologies•added 3 days ago•8 views

PT-2026-45449

7.5CVSS6.6AI score0.0102EPSS

Exploits0References9

RedhatCVE•added 2026/01/09 9:37 a.m.•4 views

CVE-2024-34914

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its rememberkey value. This allows attackers to bruteforce to bruteforce the rememberkey value to gain access to accounts that have checked "remember me" when logging in...

5.3CVSS7.2AI score0.00076EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-1606

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00076EPSS

Exploits0References4

Veracode•added 2024/05/15 4:1 a.m.•20 views

Weak Hashing Algorithm

php-censor/php-censor is vulnerable to a Weak Hashing Algorithm. The vulnerability is due to the rememberKey being generated using only the MD5 hash of the login timestamp without adding any randomness or salt, making it susceptible to brute-force attacks. This allows attackers to easily compute...

5.3CVSS7AI score0.00076EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2024/05/14 6:31 p.m.•13 views

PHP Censor uses a weak hashing algorithm for the remember me key

5.3CVSS6.9AI score0.00076EPSS

Exploits0References4Affected Software1

NVD•added 2024/05/14 4:17 p.m.•7 views

CVE-2024-34914

5.3CVSS6.9AI score0.00076EPSS

Exploits0References1

CVE•added 2024/05/14 3:14 p.m.•50 views

CVE-2024-34914

The CVE-2024-34914 issue affects php-censor, specifically version 2.1.4 (fixed in 2.1.5). The underlying problem is a weak hashing algorithm used to generate the remember_key, enabling brute-force attempts to access accounts that have the Remember Me option enabled. Public sources (Red Hat, Verac...

5.3CVSS7.2AI score0.00076EPSS

Exploits0References1

Cvelist•added 2024/05/14 3:14 p.m.•12 views

CVE-2024-34914

7.2AI score0.00076EPSS

Exploits0References1

Vulnrichment•added 2024/05/14 3:14 p.m.•12 views

CVE-2024-34914

7.3AI score0.00076EPSS

Exploits0References1

Positive Technologies•added 2024/05/14 12:0 a.m.•2 views

PT-2024-26247 · Unknown · Php-Censor

Name of the Vulnerable Software and Affected Versions: php-censor versions 2.1.4 Description: The issue allows attackers to bruteforce the remember key value, potentially gaining access to accounts that have checked "remember me" when logging in. This could lead to unauthorized access...

6.5CVSS7AI score0.00076EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by