22 matches found
GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...
Linux Distros Unpatched Vulnerability : CVE-2026-25239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can...
EUVD-2026-5195
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...
CVE-2026-25240
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...
CVE-2026-25234
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...
EUVD-2021-1396
Malware in sbrugna...
EUVD-2023-3016
Malicious code in bioql PyPI...
EUVD-2022-1214
Malicious code in bioql PyPI...
EUVD-2023-2996
Malicious code in bioql PyPI...
CVE-2024-24496
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components...
CVE-2024-22638
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/editdesignerregion.php or /livesite/addemailcampaign.php...
Fedora 37 : php-symfony4 (2023-74b702f058)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-74b702f058 advisory. Version 4.4.50 2023-02-01 security cve-2022-24895 Security/Http Remove CSRF tokens from storage on successful login nicolas-grekas security...
PEAR Archive_Tar Improper Link Resolution Vulnerability
PEAR ArchiveTar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party...
CVE-2022-23601
CVE-2022-23601 affects the Symfony form component (FrameworkBundle) where CSRF protection was not enabled by default after a configuration-loading change. This made applications vulnerable to CSRF attacks when the default was not explicitly enabled. The issue is resolved in patch versions; users ...
[SECURITY] Fedora 33 Update: php-pear-1.10.12-5.fc33
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components...
[SECURITY] Fedora 32 Update: php-pear-1.10.12-5.fc32
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components...
Debian DLA-2465-1 : php-pear security update
It was discovered that there was a filename sanitisation issue in php-pear, a distribution system for reusable PHP components. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.1+submodules+notgz-9+deb9u2. We recommend that you upgrade your php-pear packages. For the detailed...
PHPinfo Information Disclosure
Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes, and various PHP applications may also include such a file by default. By accessing it, a remote attacker can discover a large amount of information about the remote...
SensioLabs Symfony 3.3.6 Cross Site Scripting
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Date: 08-06-2018 Software Link: https://symfony.com/ Exploit Author: HaMM0nz Chakrit S., a member of KPMG Cyber Security team in Thailand CVE:...