584 matches found
Astra Linux – Vulnerability in PHP 8.1, PHP 7.3
In PHP versions starting from 8.1. up to 8.1.32, and from 8.2. up to 8.2.28, as well as in versions starting from 8.3. up to 8.3.19, and from 8.4. up to 8.4.5, when the HTTP request module parses HTTP responses received from servers, folded headers are parsed incorrectly. This may lead to...
Astra Linux – Vulnerability in PHP 7.3
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the core path resolution function allocates a buffer that is one byte too small. When resolving paths with lengths close to the system’s MAXPATHLEN setting, this may result in the byte after the allocated buffer being...
Astra Linux – Vulnerability in Nasm
There is a use-after-free in asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, and 8.2. before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failures. It used a narrower range of values than necessary. In the event of a random value generator failure, it could lead to...
Astra Linux – Vulnerability in Nasm
There is an illegal address access in asm/preproc.c function: ismmacro within Netwide Assembler NASM 2.14rc16. This issue may lead to a denial of service due to out-of-bounds array access, as a certain conversion can result in a negative integer...
Astra Linux – Vulnerability in Nasm
In Netwide Assembler NASM 2.15rc0, a heap-based buffer over-read occurs due to a malicious .asm file during the call to settextfree from expandonesmacro in asm/preproc.c...
Astra Linux – Vulnerability in Nasm
In NASM 2.15.04rc3, there is a double-free vulnerability in the pptokline asm/preproc.c file. This issue has been fixed in the commit numbered 8806c3ca007b84accac21dd88b900fb03614ceb7...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexmlloadfile, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...
Astra Linux – Vulnerability in libonig
Oniguruma, as used in PHP 7.3.x and other products, has a heap-based buffer over-read issue in the strlowercasematch function in regexec.c...
UBUNTU-CVE-2026-48979
PHP Standard Library PSL is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\H2\ServerConnection does not validate that the total bytes received in DATA frames match the content-length header declared in the...
CVE-2026-40738
Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...
CVE-2026-40753
Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...
CVE-2026-27429
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
CVE-2026-40760
WordPress Behold theme
CVE-2026-40758
The CVE concerns WordPress Léonie theme versions
PT-2026-50127
Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A PHP Object Injection issue exists in the software. This occurs when an application deserializes untrusted data, allowing an attacker to manipulate the objects created and potentially execut...
PT-2026-50118
Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...
PT-2026-50114
Unauthenticated PHP Object Injection in TechLink = 1.3 versions...
PT-2026-49377
Name of the Vulnerable Software and Affected Versions ShortPixel Image Optimizer versions prior to 6.4.4 Description PHP Object Injection occurs in the software. This issue allows an attacker to inject malicious objects into the application, which can lead to unauthorized code execution or other...
JLSEC-2026-586
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash in modules/preprocs/nasm/nasm-pp.c...