Lucene search
K

55 matches found

Chainguard
Chainguard
added 6 days ago8 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: eks-distro-fips, cloud-provider-azure, knative-operator-fips, kubernetes-dashboard, ocm-cli-fips, kube-arangodb-fips, commercial-chainloop-backend, buildah-fips, frankenphp-8.2, cerbos, commercial-spilo, kyverno-policy-reporter-plugins-kyverno, dataplaneapi-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, flux-source-controller, cert-manager, kube-arangodb-fips, trivy-fips, frankenphp-8.2, external-dns, drone-fips, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-servicenetworking, crossplane-provider-azure-authorization, chainctl-fips, omnictl-multiarch-fips, policy-controller, kubernetes-dashboard, flux-source-controller, sops, cert-manager, gomplate, kube-arangodb-fips, step-kms-plugin, trivy-fips...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-bedrockagent-fips, crossplane-provider-aws-efs-fips, cert-manager, gomplate, crossplane-provider-azure-operationsmanagement, crossplane-provider-aws-firehose-fips, frankenphp-8.2, crossplane-provider-aws-rds-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-9M57-25V3-79X9 vulnerabilities

Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, cert-manager, kube-arangodb-fips, buildah-fips, teleport-operator-fips, frankenphp-8.2, external-dns, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana, containerd,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-78MQ-XCR3-XM33 vulnerabilities

Vulnerabilities for packages: omnictl-multiarch-fips, chainctl-fips, kubernetes-dashboard, flux-source-controller, cert-manager, gomplate, kube-arangodb-fips, trivy-fips, teleport-operator-fips, nuclei, frankenphp-8.2, mapotf-fips, splunk-otel-collector, external-dns, omnictl-multiarch, nerdctl,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: omnictl-multiarch-fips, kubernetes-dashboard, flux-source-controller, cert-manager, kube-arangodb-fips, trivy-fips, frankenphp-8.2, external-dns, drone-fips, omnictl-multiarch, nerdctl, traefik-fips, knative-serving-fips, prometheus-fips, kots, commercial-grafana,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.18 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-bedrockagent-fips, crossplane-provider-aws-efs-fips, cert-manager, gomplate, crossplane-provider-azure-operationsmanagement, crossplane-provider-aws-firehose-fips, frankenphp-8.2, crossplane-provider-aws-rds-fips,...

6.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/10 5:38 p.m.12 views

CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS6.2AI score0.00568EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 5:38 p.m.47 views

CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS0.00568EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 5:38 p.m.10 views

EUVD-2026-36075

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS6.2AI score0.00568EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 5:38 p.m.22 views

CVE-2026-45062

CVE-2026-45062 affects FrankenPHP (versions 1.11.2–1.12.2). The vulnerability arises in the CGI path splitting logic (splitPos in cgi.go), where fallback matching uses golang.org/x/text/search with ignore-case, and engages when the request path contains non-ASCII bytes. Two flaws enable an attack...

8.1CVSS6.2AI score0.00568EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 5:38 p.m.4 views

CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS6.5AI score0.00568EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

FrankenPHP 输入验证错误漏洞

FrankenPHP is an open-source PHP application server developed by phpnet. In versions 1.11.2 to 1.2.3 of FrankenPHP, there was a vulnerability related to input validation errors. This vulnerability stemmed from the incorrect use of the splitPos function in cgi.go when the request path contained...

8.1CVSS5.9AI score0.00568EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46233

Name of the Vulnerable Software and Affected Versions API Platform Core versions 2.6.0 through 4.1.28 API Platform Core versions 4.2.0 through 4.2.25 API Platform Core versions 4.3.0 through 4.3.11 Description A missing isCacheKeySafe gate in the JSON:API and HAL item normalizers leads to a...

5.9CVSS5.6AI score0.00197EPSS
Exploits0References10
OSV
OSV
added 2026/05/18 1:40 p.m.5 views

GHSA-M675-2P33-XV9G Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

8.1CVSS6.5AI score0.00399EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/15 5:9 p.m.8 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity through improper handling of Unicode characters in the splitPos function. An attacker can execute arbitrary code by uploading a file with a specially crafted name containing non-ASCII bytes or Unico...

9.2CVSS6.2AI score0.00568EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/15 5:9 p.m.13 views

FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

Summary The splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a non-.php file as a .php script. In any deployment where the...

8.1CVSS6.5AI score0.00568EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/15 5:9 p.m.10 views

GHSA-3G8V-8R37-CGJM FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

Summary The splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a non-.php file as a .php script. In any deployment where the...

8.1CVSS6.5AI score0.00568EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/04/10 2:16 p.m.5 views

CVE-2026-39972 vulnerabilities

Vulnerabilities for packages: frankenphp-8.2, frankenphp-8.3, frankenphp-8.4, frankenphp-8.5...

7.1CVSS6.1AI score0.00341EPSS
Exploits0
Rows per page
Query Builder