UBUNTU-CVE-2026-6104

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

UBUNTU-CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

PT-2026-32911

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parse ini string function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APP KEY, $DB PASSWORD, or similar patterns into CMS page settings...

Wordpress 2.7.0 admin remote code execution vulnerability-vulnerability warning-the black bar safety net

by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com date: 2008-12-18 Analysis: This vulnerability out in the background: wp-admin/post.php if currentusercan'editpost', $postID if $last = wpcheckpostlock $post-ID $lastuser = getuserdata $last ; $lastusername = $lastuser ?...