335 matches found
Symfony Profiler - Remote Access via Injected Arguments
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argc_argv` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by...
EUVD-2026-31190
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method `View::renderPhpFile()` that leads to Local File Inclusion. The function calls `extract($params, EXTR_OVERWRITE)` before the `require` statement that loads the view file. As a result, a...
Flight SQL Injection Vulnerability
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained an SQL injection vulnerability. This vulnerability occurred because the methods SimplePdo::insert, SimplePdo::update, and SimplePdo::delete directly concatenated the $table parameter and the keys fr...
PT-2026-38271
Name of the Vulnerable Software and Affected Versions: Flight versions prior to 3.18.1. Description: The `make:controller` CLI command allows arbitrary directory creation outside the project root. This occurs because the command calls `mkdir(..., recursive: true)` on a path constructed from a user-supplie...
EyouCMS Injection Vulnerability
EyouCMS is an open-source content management system (CMS) developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have an injection vulnerability. This vulnerability arises from improper handling of the editFile function in the file...
tpAdmin Code Issue Vulnerability
tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. tpAdmin versions 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an `IN (...)` list. This issue has been patched in version 1.33.0...
ROS-20251223-7315
Vulnerability in php-symfony4 related to the use of non-canonical URL paths for authorization decisions. Exploitation of the vulnerability could allow a remote attacker to escalate their privileges...
EUVD-2020-1452
Malware in sbrugna...
EUVD-2021-2479
Malware in sbrugna...
EUVD-2020-1470
Malware in sbrugna...
EUVD-2010-4962
Malware in sbrugna...
EUVD-2021-2170
Malware in sbrugna...
EUVD-2020-1454
Malware in sbrugna...
EUVD-2022-6298
Malicious code in bioql PyPI...
EUVD-2023-2754
Malicious code in bioql PyPI...
EUVD-2022-0465
Malicious code in bioql PyPI...
EUVD-2024-3234
Malicious code in bioql PyPI...
EUVD-2022-2916
Malicious code in bioql PyPI...
EUVD-2023-0611
Malicious code in bioql PyPI...