154 matches found
Oracle Linux 8 : php:8.2 (ELSA-2026-22305)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22305 advisory. libzip php 8.2.31-1 - rebase to 8.2.31 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip Tenable has extracted the preceding descripti...
CVE-2026-38991
Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...
CVE-2026-34415
CVE-2026-34415 affects Xerte Online Toolkits versions ≤ 3.15. The vulnerability is in the elFinder connector endpoint, where incomplete input validation fails to block PHP-executable extensions such as .php4 due to an incorrect regex. This enables an unauthenticated attacker to abuse an attack pa...
CVE-2026-34735
The CVE concerns Hytale Modding Wiki (version 1.2.0 and prior). The issue resides in the quickUpload() endpoint: MIME-type validation via PHP finfo is performed, but the stored filename is constructed from the client-supplied extension (getClientOriginalExtension()). These independent checks allo...
PT-2026-7872
Name of the Vulnerable Software and Affected Versions: FrankenPHP versions prior to 1.11.2. Description: FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path bu...
pearweb SQL injection vulnerability
PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability occurred due to the use of the user::maintains function, which provided role filters as arrays and inserted IN clauses,...
pearweb SQL injection vulnerability
PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from the category deletion process, where an SQL injection could be exploited by attackers through the use of category I...
php:8.2 security update
An update is available for module.php, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-xdebug3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
MiracleLinux 4 : php-pecl-apc-3.1.9-2.AXS4 (AXSA:2012-588:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-588:01 advisory. APC is a free, open, and robust framework for caching and optimizing PHP intermediate code. Security issues fixed with this release: CVE-2010-3294 Cross-site...
php: pgsql extension does not check for errors during escaping
A flaw was found in PHP. Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer dereferences...
EUVD-2005-0566
Malware in sbrugna...
EUVD-2007-4238
Malware in sbrugna...
EUVD-2015-1202
Malware in sbrugna...
EUVD-2014-9558
Malware in sbrugna...
EUVD-2019-2746
Malware in sbrugna...
EUVD-2011-0447
Malware in sbrugna...
EUVD-2025-0030
Malicious code in bioql PyPI...
EUVD-2024-1279
Malicious code in bioql PyPI...
CVE-2025-58159
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension...
Linux Distros Unpatched Vulnerability : CVE-2022-24953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...