Lucene search
K

1679 matches found

GithubExploit
GithubExploit
added 2026/06/11 6:47 a.m.86 views

Exploit for CVE-2026-45034

🧨 PHPSpreadsheet Phar Deserialization Exploit Bypass pro...

6.7AI score0.00351EPSS
Exploits2
OSV
OSV
added 2026/06/08 11:0 p.m.12 views

GHSA-87M4-826X-3CRX PHPSpreadsheet has a patch bypass for CVE-2026-34084

Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...

9.2CVSS5.7AI score0.00351EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/06/08 11:0 p.m.47 views

PHPSpreadsheet has a patch bypass for CVE-2026-34084

Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...

9.8CVSS5.7AI score0.00712EPSS
Exploits3References3Affected Software1
GithubExploit
GithubExploit
added 2026/06/08 4:1 a.m.76 views

PHANTOM_CTF_HACKINGCLUB_BY_BSIDESRECIFE

Phantom — CTF Writeup & Exploit HackingClub / BSides Recife...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.27 views

PT-2026-47606

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.5 Description An issue exists in the File::prohibitWrappers function where the use of parse url to detect stream wrappers can be bypassed. When an input contains three or more slashes after the scheme e.g....

9.2CVSS6.5AI score0.00351EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.18 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS6AI score0.00539EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-34084

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

9.8CVSS6.2AI score0.00712EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...

8.8CVSS8.6AI score0.0139EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading PHAR files, insufficient length checking may lead to a stack buffer overflow, potentially causing memory corruption or Remote Code Execution RCE...

9.8CVSS7.4AI score0.08003EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions before 7.4.31, 8.0.24, and 8.1.11, the phar uncompressor code would recursively uncompress “quines” gzip files, resulting in an infinite loop...

5.5CVSS6.8AI score0.00591EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9, when processing PHAR files using the phar extension, pharparsezipfile might be tricked into accessing freed memory, which could lead to a crash or information disclosure...

4.8CVSS6.7AI score0.01661EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 5:44 p.m.25 views

CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

7.5CVSS6.8AI score0.79949EPSS
Exploits7References1
NVD
NVD
added 2026/05/05 8:16 p.m.19 views

CVE-2026-34084

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

9.8CVSS0.00712EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 7:22 p.m.43 views

CVE-2026-34084

CVE-2026-34084 describes a vulnerability in PhpSpreadsheet where IOFactory::load() with a user-controlled filename can pass PHP stream wrappers (phar://, ftp://, ssh2.sftp://) to is_file(), triggering PHAR deserialization and potential remote code execution if an appropriate gadget chain exists. ...

9.8CVSS6.4AI score0.00712EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/05 7:22 p.m.39 views

CVE-2026-34084 PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

9.2CVSS0.00712EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 1:57 a.m.22 views

CLSA-2026-1777946242 php: Fix of 13 CVEs

CVE-2018-14883: fix int overflow leading to heap overflow in exifthumbnailextract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exifprocessSOFn - CVE-2019-11042:...

8.8CVSS7AI score0.9523EPSS
Exploits21References1
OSV
OSV
added 2026/05/02 12:53 a.m.9 views

CLSA-2026-1777540774 php: Fix of 4 CVEs

CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...

8.5CVSS7.3AI score0.9523EPSS
Exploits8References1
CloudLinux
CloudLinux
added 2026/05/02 12:53 a.m.13 views

php: Fix of 4 CVEs

CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...

8.5CVSS6.9AI score0.9523EPSS
Exploits8
OSV
OSV
added 2026/04/29 8:22 p.m.6 views

GHSA-Q4Q6-R8WH-5CGH PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled

The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...

9.2CVSS5.8AI score0.00712EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/29 8:22 p.m.9 views

PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled

The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...

9.8CVSS5.7AI score0.00712EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder