48 matches found
BIT-PHP-MIN-2026-6735 XSS within PHP-FPM status endpoint
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitization of user data, an attacker can compose a URL that causes the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
OPENSUSE-SU-2026:10747-1 php8-8.5.6-1.1 on GA media
These are all security issues fixed in the php8-8.5.6-1.1 package on the GA media of openSUSE Tumbleweed...
PHP buffer error vulnerability
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained a buffer error vulnerability. This vulnerability arises when a code name containing a NUL byte is passed to the mb_convert_encoding or related mbstring functions. The code...
CVE-2025-2274
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS. This issue affects Web Security through 8.5.6...
CVE-2025-2274
The CVE-2025-2274 entry describes a Stored Cross-Site Scripting (XSS) issue in Forcepoint Web Security (On-Prem) for Windows, caused by improper input neutralization during web page generation. Affects Forcepoint Web Security through version 8.5.6; no explicit exploit details are provided. CVSSv4...
CVE-2025-2274 Stored Cross Site Scripting in Forcepoint Web Security
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS. This issue affects Web Security through 8.5.6...
CVE-2021-22966
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group...
CVE-2025-64250
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in wpWax Directorist directorist allows Phishing. This issue affects Directorist: from n/a through <= 8.6.6...
CVE-2025-64250 WordPress Directorist plugin <= 8.6.6 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in wpWax Directorist directorist allows Phishing. This issue affects Directorist: from n/a through <= 8.6.6...
PT-2025-51398
Name of the Vulnerable Software and Affected Versions: Directorist versions through 8.5.6. Description: An open redirect issue exists in wpWax Directorist, potentially enabling phishing attacks. The vulnerability allows redirection to untrusted sites. Recommendations: Update Directorist to a version...
EUVD-2023-44773
Malicious code in bioql PyPI...
EUVD-2024-16689
Malicious code in bioql PyPI...
CVE-2024-6133
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-21117
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
PT-2024-33633 · WordPress · Rextheme Wp Vr
Name of the Vulnerable Software and Affected Versions: Rextheme WP VR versions prior to 8.5.6 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Rextheme WP VR versions pri...
CVE-2024-6136
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress plugin wp-cart-for-digital-products security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin wp-cart-for-digital-products security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin wp-cart-for-digital-products security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-21120
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...