
34 matches found

EUVD
added last week | 8 views

EUVD-2026-38063

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3 CVSS | 6 AI score | 0.00205 EPSS
Exploits 0 | References 2
CVE
added 2026/03/03 12:0 a.m. | 10 views

CVE-2026-26885

CVE-2026-26885 affects the Sourcecodester Online Men's Salon Management System v1.0. The vulnerability is an SQL Injection in the endpoint /classes/Master.php?f=delete_service, caused by unsafe SQL handling in the related function. The impact is described as low with no user interaction required,...

2.7 CVSS | 6 AI score | 0.0022 EPSS
Exploits 1 | References 1 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-4665

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.02319 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/06/03 12:0 a.m. | 9 views

Debian dla-4199 : php-tcpdf - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4199 advisory. Debian LTS Advisory DLA-4199-1...

7.5 CVSS | 6.5 AI score | 0.01325 EPSS
Exploits 3 | References 18
RedhatCVE
added 2025/05/23 12:27 a.m. | 8 views

CVE-2022-47879

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The...

7.5 CVSS | 7.6 AI score | 0.06741 EPSS
Exploits 7 | References 1
Fedora
added 2025/04/15 7:21 p.m. | 6 views

[SECURITY] Fedora 40 Update: php-tcpdf-6.9.1-1.fc40

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.4 AI score
Exploits 0
Fedora
added 2025/04/15 6:2 p.m. | 4 views

[SECURITY] Fedora 42 Update: php-tcpdf-6.9.1-1.fc42

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.4 AI score
Exploits 0
NVD
added 2025/04/03 7:15 p.m. | 15 views

CVE-2024-22611

OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\CPharmacy.class.php and \openemr\controller.php...

9.8 CVSS | 0.04993 EPSS
Exploits 1 | References 1
Fedora
added 2024/11/06 2:44 a.m. | 11 views

[SECURITY] Fedora 39 Update: php-tcpdf-6.7.7-1.fc39

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.5 CVSS | 7.7 AI score | 0.01113 EPSS
Exploits 1
Cvelist
added 2024/11/05 6:13 p.m. | 21 views

CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...

4.3 CVSS | 0.00528 EPSS
Exploits 0 | References 1
Github Security Blog
added 2024/06/05 4:52 p.m. | 13 views

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

6.9 AI score
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/05/30 1:49 p.m. | 16 views

GHSA-X4RJ-F7M6-42C3 TYPO3 CMS Authentication Bypass vulnerability

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

7.5 CVSS | 6.9 AI score
Exploits 0 | References 3
Github Security Blog
added 2024/05/30 1:49 p.m. | 18 views

TYPO3 CMS Authentication Bypass vulnerability

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

6.9 AI score
Exploits 0 | References 3 | Affected Software 1
Fedora
added 2024/05/02 1:57 a.m. | 24 views

[SECURITY] Fedora 40 Update: php-tcpdf-6.7.5-1.fc40

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.5 CVSS | 6.5 AI score | 0.01325 EPSS
Exploits 1
OSV
added 2024/02/27 4:15 p.m. | 5 views

CVE-2024-25400

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not...

9.8 CVSS | 7.9 AI score
Exploits 0 | References 1
OpenVAS
added 2023/03/08 12:0 a.m. | 24 views

Debian: Security Advisory (DLA-357-1)

The remote host is missing an update for the Debian...

9.8 CVSS | 9.6 AI score | 0.04544 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2022/05/13 3:15 p.m. | 3 views

CVE-2022-30395

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/classes/Master.php?f=deletecart...

9.8 CVSS | 7.4 AI score | 0.01026 EPSS
Exploits 1 | References 2
OSV
added 2022/04/21 8:15 p.m. | 4 views

CVE-2022-28030

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=deleteestate...

9.8 CVSS | 5.8 AI score | 0.0142 EPSS
Exploits 1 | References 1
CNNVD
added 2022/04/18 12:0 a.m. | 4 views

phpGACL SQL Injection Vulnerability

phpGACL is an open source PHP class that provides Web developers with a simple but powerful "insert" permission system for use in their current web-based applications. A security vulnerability exists in phpGACL 3.3.7, which can be triggered by an attacker sending an HTTP request...

9.8 CVSS | 8 AI score | 0.02337 EPSS
Exploits 1 | References 2
Wordfence Blog
added 2021/08/13 9:50 p.m. | 12 views

WordPress Malware Camouflaged As Code

In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware. In the example we discuss below, the attacker’s goal is to make everything look routine to an analyst so that they do not dig deeper and discover the presence of malware and what it is doing. ...

7.5 AI score
Exploits 0