EUVD-2026-35154

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

CVE-2026-11530

Technical details about CVE-2026-11530 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-10875

The CVE-2026-10875 entry affects projectworlds Online Art Gallery Shop Project 1.0. The vulnerability is in an unknown function of the file /admin/adminHome.ph; manipulating the social_twitter argument causes SQL injection. A remote attack is possible, and the exploit has been released publicly. ...

CVE-2026-10875 projectworlds Online Art Gallery Shop Project adminHome.ph sql injection

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

MAL-2026-1809 Malicious code in ph-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a12a2296142889c91ff5760f4a0abc8866ea9a5e439847b8b5817565348b6e The package ph-common was found to contain malicious code...

Malicious code in ph-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a12a2296142889c91ff5760f4a0abc8866ea9a5e439847b8b5817565348b6e The package ph-common was found to contain malicious code...

CVE-2025-70063

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference IDOR vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the...

PropertyHive < 2.1.1 - Cross-Site Scripting

The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'phmessage' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-63644

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

CVE-2024-44630

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...

FBI Wants to Know Who Runs Archive.ph

The FBI has issued a federal subpoena to domain registrar Tucows, demanding extensive billing and session records to unmask the anonymous operator of Archive.ph Archive.is and Archive.today. The site, known for bypassing paywalls, is now the subject of an undisclosed criminal investigation...

MINI-GFP4-P698-P7PH

Bulletin has no description...

EUVD-2023-1848

Malicious code in bioql PyPI...

Malicious code in @zalastax/nolb-ph- (npm)

The package @zalastax/nolb-ph- was found to contain malicious code...

MAL-2025-13133 Malicious code in @zalastax/nolb-ph- (npm)

The package @zalastax/nolb-ph- was found to contain malicious code...

MAL-2025-13715 Malicious code in @zalastax/nolb-react-ph (npm)

The package @zalastax/nolb-react-ph was found to contain malicious code...

com.finmatics.et:et-core (>=0.1.0 <=0.2.0), com.helger.commons:ph-config (>=10.0.0 <=11.0.4) +87 more potentially affected by CVE-2023-34612 via com.helger.commons:ph-json (>=10.0.0 <=11.0.4)

com.helger.commons:ph-json MAVEN version =10.0.0, =0.1.0, =10.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =3.0.2, =8.5.0, =2.1.0, =1.1.0, =1.1.0, =1.1.0, =2.1.2 and more Source cves: CVE-2023-34612 Source advisory: OSV:GHSA-MX27-GG24-H2JC...

ph-json vulnerable to stack exhaustion

An issue was discovered ph-json through 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

GHSA-MX27-GG24-H2JC ph-json vulnerable to stack exhaustion

An issue was discovered ph-json through 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

CVE-2023-34612

An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...