34 matches found

Vulnrichment
added 2026/05/17 12:11 p.m., 7 views

CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to...

CVSS 6.9, AI score 6.5, EPSS 0.00533
Exploits: 0, References: 4

CNNVD
added 2026/03/20 12:0 a.m., 6 views

SimpleJWT Resource Management Error Vulnerability

SimpleJWT is a JSON Web Token library written in PHP by Kelvin Mo as a personal project. Versions of SimpleJWT prior to 1.1.1 contained a resource management vulnerability. This vulnerability arises from the use of the PBES2 algorithm, allowing unauthenticated attackers to perform denial-of-servi...

CVSS 7.5, AI score 5.8, EPSS 0.00481
Exploits: 1, References: 3

Positive Technologies
added 2026/01/17 12:0 a.m., 8 views

PT-2026-3354

Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to and including 2.0.9. Description: The software is susceptible to XML External Entity Injection (XXE) through the SVG file upload functionality. This allows authenticated attackers with...

CVSS 7.5, AI score 6, EPSS 0.0038
Exploits: 0, References: 8

OSV
added 2025/08/11 1:53 p.m., 6 views

BIT-LIBPHP-2023-0662 DoS vulnerability when parsing multipart request body

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

CVSS 7.5, AI score 6.9, EPSS 0.01408
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 2:41 a.m., 4 views

CVE-2023-23924

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...

CVSS 10, AI score 7.6, EPSS 0.03572
Exploits: 2, References: 1

SUSE CVE
added 2023/02/15 6:3 a.m., 4 views

SUSE CVE-2009-2687

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353...

CVSS 4.3, AI score 6.9, EPSS 0.04378
Exploits: 1, References: 8

SUSE CVE
added 2023/02/15 5:45 a.m., 4 views

SUSE CVE-2012-3365

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors...

CVSS 5, AI score 7.1, EPSS 0.02978
Exploits: 1, References: 7

AlpineLinux
added 2018/08/02 7:0 p.m., 44 views

CVE-2018-14851

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file...

CVSS 5.5, AI score 6.3, EPSS 0.04306
Exploits: 0

Cvelist
added 2017/07/10 2:0 p.m., 39 views

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parse_url...

AI score 8.3, EPSS 0.01908
Exploits: 0, References: 7

OSV
added 2017/01/11 7:59 a.m., 6 views

UBUNTU-CVE-2016-7480

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data...

CVSS 9.8, AI score 7.7, EPSS 0.41558
Exploits: 1, References: 6

CNVD
added 2016/09/29 12:0 a.m., 4 views

PHP GD Graphics Library Integer Overflow Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and C and C++ for program extensions, etc...

CVSS 9.8, AI score 7, EPSS 0.05101
Exploits: 0, References: 1

OSV
added 2016/09/17 12:0 a.m., 3 views

UBUNTU-CVE-2016-7412

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata...

CVSS 8.1, AI score 7.4, EPSS 0.0885
Exploits: 1, References: 6

OSV
added 2016/08/07 10:59 a.m., 4 views

ALPINE-CVE-2016-6128

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index...

CVSS 7.5, AI score 6.9, EPSS 0.06805
Exploits: 0, References: 1

AlpineLinux
added 2016/08/07 10:0 a.m., 48 views

CVE-2016-6128

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index...

CVSS 7.5, AI score 7.6, EPSS 0.06805
Exploits: 0

UbuntuCve
added 2016/06/24 12:0 a.m., 37 views

CVE-2016-5768

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback...

CVSS 9.8, AI score 7.2, EPSS 0.0963
Exploits: 1, References: 3

Debian CVE
added 2016/05/22 1:0 a.m., 30 views

CVE-2016-4345

Removed by vendor...

CVSS 9.8, AI score 8.1, EPSS 0.05175
Exploits: 1

CNVD
added 2016/05/17 12:0 a.m., 3 views

PHP Fileinfo Component Denial of Service Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. Fileinfo is one of the components used to display the properties of a file and support batch modification of its properties. A security...

CVSS 7.5, AI score 8, EPSS 0.02543
Exploits: 0, References: 1

OSV
added 2016/05/16 12:0 a.m., 4 views

UBUNTU-CVE-2015-8874

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call...

CVSS 7.5, AI score 7.2, EPSS 0.08276
Exploits: 1, References: 4

OSV
added 2016/04/29 12:0 a.m., 1 views

UBUNTU-CVE-2016-4343

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archi...

CVSS 8.8, AI score 7.2, EPSS 0.0421
Exploits: 1, References: 3

Debian CVE
added 2015/03/30 10:0 a.m., 40 views

CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

CVSS 7.5, AI score 7, EPSS 0.04681
Exploits: 0