Linux Distros Unpatched Vulnerability : CVE-2026-7262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding...
Linux Distros Unpatched Vulnerability : CVE-2026-6735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to...
grav-cms-filecache-object-injection
Grav CMS FileCache Object Injection Description The File...
RHSA-2026:4517 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2026:4514 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
RHEL 8 : php:7.4 (RHSA-2026:4507)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4507 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in array_merge...
AlmaLinux 8 : php:7.4 (ALSA-2026:2470)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2470 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...
RHSA-2026:2470 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
MiracleLinux 8 : php:7.4 (AXSA:2022-3814:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3814:01 advisory. php: uninitialized array in pg_query_params leading to RCE CVE-2022-31625 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : php:7.4 (AXSA:2022-3857:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3857:01 advisory. Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 Archive_Tar: improper filename...
USN-7400-1 php7.4, php8.1, php8.3 vulnerabilities
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2024-11235 It was discovered that PHP incorrectly handled certain folded headers. An attacker could possibly use this issue to cause a crash or...
RHSA-2025:3076 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
CVE-2024-9047
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...
Oracle Linux 8 : php:7.4 (ELSA-2024-10952)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10952 advisory. - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 - Fix Logs from childrens may be altered...
RHEL 8 : php:7.4 (RHSA-2024:10952)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10952 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common...
Debian dla-3986 : libapache2-mod-php7.4 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3986 advisory. Debian LTS Advisory DLA-3986-1...
CVE-2024-10519 Wishlist for WooCommerce: Multi Wishlists Per Customer PRO 3.0.8 - 3.1.2 - Reflected Cross-Site Scripting via wtab Parameter
The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
DLA-3920-1 php7.4 - security update
Bulletin has no description...