Lucene search
K

1670 matches found

Nuclei
Nuclei
added 16 hours ago59 views

Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...

9.8CVSS6.7AI score0.0509EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday21 views

elFinder < 2.1.58 - Remote Code Execution

studio-42/elfinder before 2.1.58 contains a remote code execution caused by execution of PHP code in a .phar file, letting attackers execute arbitrary PHP code if the server parses .phar files as PHP, exploit requires server to parse .phar files as PHP. id: CVE-2021-23394 info: name: elFinder...

9.8CVSS7.9AI score0.19083EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/26 10:10 p.m.8 views

EUVD-2026-38053

PhpWeasyPrint vulnerable to PHAR deserialization via output filename CVE-2023-28115 case-insensitive bypass...

9.8CVSS7.3AI score0.0276EPSS
Exploits1References5
OSV
OSV
added 2026/06/26 10:10 p.m.3 views

GHSA-2FMJ-P74R-3WJM PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

Summary pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist: php if 0 === \strpos$filename, 'phar://' throw new \InvalidArgumentException'The output file cannot be a phar archive.'; PHP stream wrappers are case-insensitive, so...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 9:16 p.m.12 views

CVE-2026-45034

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as...

9.2CVSS0.00351EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/22 8:32 p.m.25 views

CVE-2026-45034 PhpSpreadsheet: File::prohibitWrappers bypass

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as...

9.2CVSS0.00351EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 8:32 p.m.77 views

CVE-2026-45034

Summary: PhpSpreadsheet before 1.30.5 contains a bypass in File::prohibitWrappers that can be exploited via phar:// wrapper paths (e.g., phar:///path/file.phar/inner). When input contains three or more slashes after the scheme, parse_url can return false, skipping the check and allowing phar wrap...

9.2CVSS5.9AI score0.00351EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/19 7:8 p.m.4 views

Deserialization of Untrusted Data

Overview pontedilana/php-weasyprint is a PHP library allowing PDF generation from an url or a html page. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the prepareOutput method of src/AbstractGenerator.php, whose strpos$filename, 'phar://' guard is case...

9.2CVSS6.6AI score0.00555EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:16 p.m.9 views

CVE-2026-49286

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...

8.1CVSS0.00555EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:3 p.m.16 views

CVE-2026-49286 PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...

8.1CVSS0.00555EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:3 p.m.16 views

CVE-2026-49286

CVE-2026-49286 - PhpWeasyPrint : The library (prior to 2.6.0) guards the output filename against the phar:// stream wrapper with a case-sensitive blacklist. Because PHP stream wrappers are case-insensitive, inputs like PHAR://, Phar:// bypass the check and reach fileExists() in prepareOutput(), a...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions prior to 7.4.31, 8.0.24, and 8.1.11, the phar uncompressor code would recursively uncompress “quines” gzip files, resulting in an infinite loop...

5.5CVSS7AI score0.00565EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9, when processing PHAR files using the phar extension, pharparsezipfile might be tricked into accessing freed memory, which could lead to a crash or information disclosure...

4.8CVSS6.7AI score0.01661EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading PHAR files, insufficient length checking may lead to a stack buffer overflow, potentially causing memory corruption or Remote Code Execution RCE...

9.8CVSS7.4AI score0.08003EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50999

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software uses a case-sensitive blacklist to protect output filenames against the phar:// stream wrapper...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Fedora 43 : composer (2026-4308b5fc39)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4308b5fc39 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...

5.9AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/11 6:47 a.m.76 views

Exploit for CVE-2026-45034

🧨 PHPSpreadsheet Phar Deserialization Exploit Bypass pro...

6.7AI score0.00351EPSS
Exploits1
OSV
OSV
added 2026/06/08 11:0 p.m.8 views

GHSA-87M4-826X-3CRX PHPSpreadsheet has a patch bypass for CVE-2026-34084

Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...

9.2CVSS5.7AI score0.00351EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/08 11:0 p.m.31 views

PHPSpreadsheet has a patch bypass for CVE-2026-34084

Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...

9.8CVSS5.7AI score0.00712EPSS
Exploits2References3Affected Software1
GithubExploit
GithubExploit
added 2026/06/08 4:1 a.m.66 views

PHANTOM_CTF_HACKINGCLUB_BY_BSIDESRECIFE

Phantom — CTF Writeup & Exploit HackingClub / BSides Recife...

5.5AI score
Exploits0
Rows per page
Query Builder