Lucene search
K

111 matches found

Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.4 views

phar wrapper can occur dos when using quine gzip file

...

5.5CVSS7AI score0.00591EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-17057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. CVE-2018-17057 Note that Nessus...

9.8CVSS7.4AI score0.26172EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2019-6339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar...

9.8CVSS7AI score0.33228EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPHP-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

5.5CVSS7.4AI score0.00591EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 9:27 p.m.8 views

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

8.8CVSS6.6AI score0.01408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:19 p.m.4 views

CVE-2022-2442

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

7.2CVSS6.7AI score0.01408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:18 p.m.23 views

CVE-2022-2433

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

8.8CVSS6.8AI score0.01251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:17 p.m.22 views

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8CVSS6.6AI score0.01762EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/09/24 3:15 a.m.2 views

CVE-2022-2439

The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'uploadfile' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using...

7.2CVSS6AI score0.0069EPSS
Exploits0References4
NVD
NVD
added 2024/09/13 3:15 p.m.15 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS0.00578EPSS
Exploits0References2
OSV
OSV
added 2024/09/13 3:15 p.m.5 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS5.9AI score0.00578EPSS
Exploits0References2
CVE
CVE
added 2024/09/13 3:10 p.m.59 views

CVE-2022-2446

CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...

7.2CVSS7.1AI score0.00578EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.4 views

PT-2024-11530 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including 1.2.9 Description: The issue allows deserialization of untrusted input via the current theme root parameter. This enables authenticated attackers with administrative privileges to...

7.2CVSS6.8AI score0.00578EPSS
Exploits0References7
NVD
NVD
added 2024/08/29 11:15 a.m.8 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS0.0074EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/08/29 11:15 a.m.2 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS6AI score0.0074EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.9 views

PT-2024-23469 · WordPress · Wpvivid Backup & Migration Plugin

Name of the Vulnerable Software and Affected Versions: WPvivid Backup & Migration Plugin for WordPress versions up to, and including, 0.9.99 Description: The issue arises from insufficient path validation on the tree nodenodeid parameter, allowing authenticated attackers with admin-level access a...

7.2CVSS6.8AI score0.41543EPSS
Exploits0References5
OSV
OSV
added 2023/06/15 8:4 p.m.7 views

CLSA-2023-1686859492 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

9.1CVSS7AI score0.49336EPSS
Exploits2References1
OSV
OSV
added 2023/06/15 7:54 p.m.8 views

CLSA-2023-1686858853 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

9.1CVSS6.9AI score0.49336EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.8 views

PT-2023-18747 · WordPress · Otter

Name of the Vulnerable Software and Affected Versions: Otter WordPress plugin versions prior to 2.2.6 Description: The issue arises from the plugin's failure to sanitize user-controlled file paths, leading to a PHAR deserialization vulnerability. This vulnerability can be exploited on PHP version...

8.8CVSS9.7AI score0.17973EPSS
Exploits2References3
Rockylinux
Rockylinux
added 2023/04/06 3:53 p.m.65 views

php security update

An update is available for php. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

9.8CVSS8.9AI score0.49336EPSS
Exploits6
Rows per page
Query Builder