PT-2026-45270
A flaw has been found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user id/course id/teacher id/student id/application id can lead to SQL injection...
CVE-2026-34092
CVE-2026-34092 affects Wikimedia Foundation MediaWiki. The information exposure arises from the includes/Skin/Skin.Php component, where UI elements in the tools sidebar reveal autoblocked IP presence. Affected versions are MediaWiki before 1.43.7, 1.44.4, and 1.45.2. Remediation is to upgrade to ...
Astra Linux - vulnerability in php7.3
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...
CVE-2026-3838
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
CVE-2026-32504
CVE-2026-32504 is a local file inclusion vulnerability affecting the WordPress theme/plugin combo “VintWood” (Vintage, Retro WordPress Theme). The initial description and connected Wordfence vulnerability digest indicate VintWood versions <= 1.1.8 are affected by an unauthenticated Local File ...
CVE-2026-3838 Unraid Update Request Path Traversal Remote Code Execution Vulnerability
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
CVE-2026-4045
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
CVE-2025-58091
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...
CVE-2022-27257
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter...
CVE-2025-11610
CVE-2025-11610 affects SourceCodester Simple Inventory System 1.0. The vulnerability is a SQL injection in the /brand.php handling of the editBrandName parameter, reported to be exploitable remotely and with a public exploit. Multiple connected sources confirm the same flaw and classify the risk ...
EUVD-2019-19028
Malware in sbrugna...
EUVD-2025-28129
Malicious code in bioql PyPI...
CVE-2025-10836 SourceCodester Pet Grooming Management Software print1.php sql injection
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to th...
CVE-2025-10371 eCharge Hardy Barth Salia PLCC api.php unrestricted upload
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed remotely. The exploit has been released ...
CVE-2009-20010
Dogfood CRM 2.0.10 suffers a remote command execution vulnerability in the spell.php script used by its mail subsystem. The flaw arises from unsanitized user input passed via a POST to the data parameter, which is then processed by the underlying shell without proper escaping, enabling attackers ...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
php: cgi.force_redirect configuration is bypassable due to the environment variable collision
A flaw was found in PHP. The configuration directive cgi.force_redirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...
emlog security vulnerability
emlog is a PHP and MySQL based CMS website builder by emlog's individual developers. A security vulnerability exists in emlog Pro version v2.5.4, which originates from the sort.php component and is susceptible to server-side request forgery attacks...
Important: php73
Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...