BIT-PHP-MIN-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

BIT-PHP-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

Slackware Linux 15.0 / current php82 Multiple Vulnerabilities (SSA:2026-127-03)

The version of php82 installed on the remote host is prior to 8.2.31 / 8.4.21. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-127-03 advisory. New php packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

EUVD-2026-28326

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

PHP 8.2.x < 8.2.31 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...

Astra Linux - уязвимость в vim

Out-of-bounds read in the GitHub repository for Vim before version 8.2...

Astra Linux - уязвимость в vim

Out-of-bounds read in the GitHub repository for Vim before version 8.2...

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...

Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

WordPress plugin Greenly Theme Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005265)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005265 advisory. In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when t...

EUVD-2026-3536

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Oracle Analytics Cloud. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

Astra Linux - уязвимость в vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2...

EUVD-2021-11759

Malware in sbrugna...

EUVD-2021-19537

Malware in sbrugna...