Lucene search
K

703 matches found

Nuclei
Nuclei
added 6 hours ago17 views

Xdebug <= 2.5.5 - Command Injection

Xdebug = 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands, exploit requires remote debugging enabled. id: CVE-2015-101...

9.3CVSS6.3AI score0.0503EPSS
Exploits1References6
Fedora
Fedora
added 3 days ago9 views

[SECURITY] Fedora 43 Update: composer-2.10.2-1.fc43

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/29 10:3 a.m.7 views

ImageMagick: ImageMagick: Denial of Service via crafted MSL image leading to heap-use-after-free

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted MSL Magick Scripting Language image. Processing this malicious image could trigger a...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...

5.5CVSS5.2AI score0.00161EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2026/06/23 12:0 a.m.4 views

The vulnerability of the urldecode() function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the urldecode function in the PHP programming language is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.8CVSS5.9AI score0.00337EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2026/06/12 8:8 p.m.19 views

CVE-2026-54362

The CVE concerns MISP's event template builder where an incorrect visibility condition allowed authenticated non-site-admin users to see galaxies outside their organisation. The root cause is a PHP comparison expression used instead of a query condition, causing enabled galaxies, including organi...

5.3CVSS5.4AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.11 views

CVE-2026-46523

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted MSL Magick Scripting Language image. Processing this malicious image could trigger a...

7.5CVSS5.1AI score0.00301EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/01 3:37 a.m.14 views

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
OSV
OSV
added 2026/05/12 8:50 a.m.13 views

BIT-LIBPHP-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

编号撤回

R is a statistical computing software from The R Foundation. fe is a lightweight, embeddable ANSI C scripting language developed by rxi. This CVE number has been withdrawn...

5.7AI score0.00075EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017496 advisory. In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL wi...

5.3CVSS6.8AI score0.02983EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/05/10 4:43 a.m.18 views

CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0
EUVD
EUVD
added 2026/05/08 6:32 a.m.12 views

EUVD-2024-31033

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

7.3CVSS5.9AI score0.0081EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.11 views

PHP 8.5.x < 8.5.6 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.5.6 advisory. - uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabyte...

9.8CVSS5.8AI score0.0078EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-33987

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

6.8AI score0.00572EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.8 views

CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows...

4.7CVSS5.7AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 10:27 p.m.6 views

CVE-2026-40312

A flaw was found in ImageMagick. A remote attacker could exploit an off-by-one error when processing a specially crafted malicious MSL Magick Scripting Language file. This vulnerability could lead to a denial of service DoS by causing the application to crash, making it unavailable to users...

6.2CVSS5.7AI score0.00177EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.6 views

CVE-2026-39611

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through = 4.2.9...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 12:31 p.m.8 views

EUVD-2026-20884

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...

8.8CVSS6AI score0.0027EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2026/04/09 12:0 a.m.96 views

Jumbo Website Manager - Remote Code Execution

Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL: https://sourceforge.net/projects/jumbo/ Software Link: https://sourceforge.net/projects/jumbo/ Date of found: 28.10.2025 Author: Mirabbas Ağalarov...

5.9AI score
Exploits0
Rows per page
Query Builder