
126 matches found

Redos
added 2025/08/22 12:0 a.m., 6 views

ROS-20250822-23

A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks...

CVSS 7.5, AI score 7, EPSS 0.00953
Exploits: 2
RedhatCVE
added 2025/05/22 10:30 p.m., 2 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...

CVSS 9.8, AI score 9.4, EPSS 0.99134
Exploits: 14, References: 1
BDU FSTEC
added 2025/03/17 12:0 a.m., 3 views

The vulnerabilities of the functions php_libxml_input_buffer_create_filename() and php_libxml_sniff_charset_from_stream() in the PHP interpreter allow a hacker to redirect users to any desired URL address.

The vulnerabilities of the functions php_libxml_input_buffer_create_filename and php_libxml_sniff_charset_from_stream in the PHP interpreter are related to the use of open redirection. Exploiting these vulnerabilities could allow a malicious actor to redirect users to any desired URL address...

CVSS 4, AI score 6.5, EPSS 0.0071
Exploits: 1, References: 12, Affected Software: 3
Tenable Nessus
added 2025/03/04 12:0 a.m., 17 views

Linux Distros Unpatched Vulnerability : CVE-2017-11144

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing...

CVSS 7.5, AI score 6.9, EPSS 0.06164
Exploits: 0, References: 2
BDU FSTEC
added 2024/12/02 12:0 a.m., 1 views

The vulnerability of the convert.quoted-printable-decode filter in the PHP programming language interpreter allows a hacker to trigger a service failure.

The vulnerability of the convert.quoted-printable-decode filter in the PHP programming language interpreter is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 4.8, AI score 6.2, EPSS 0.01618
Exploits: 1, References: 12, Affected Software: 4
Redos
added 2024/10/15 12:0 a.m., 18 views

ROS-20241015-11

A vulnerability in the PHP programming language interpreter exists due to a failure to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected information...

CVSS 8.8, AI score 7.5, EPSS 0.03686
Exploits: 68
Redos
added 2024/10/15 12:0 a.m., 11 views

ROS-20241015-14

A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected information...

CVSS 8.8, AI score 7.8, EPSS 0.03686
Exploits: 68
F5 Networks
added 2024/10/07 3:15 a.m., 30 views

K000141355: Multiple PHP vulnerabilities

Security Advisory Description: CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact v...

CVSS 8.8, AI score 9.2, EPSS 0.13314
Exploits: 5
BDU FSTEC
added 2024/10/02 12:0 a.m., 3 views

The vulnerability of the PHP programming language interpreter arises from the failure to address the issue of eliminating special elements that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the PHP programming language interpreter exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 10, AI score 6.8, EPSS 0.03686
Exploits: 65, References: 9, Affected Software: 3
Redos
added 2024/08/16 12:0 a.m., 63 views

ROS-20240816-11

A vulnerability in the proc_open function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used in the operating system command. Exploitation of the...

CVSS 9.8, AI score 8.1, EPSS 0.99987
Exploits: 68
Redos
added 2024/08/16 12:0 a.m., 37 views

ROS-20240816-16

A vulnerability in the openssl_private_decrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request...

CVSS 9.8, AI score 8.2, EPSS 0.99987
Exploits: 68
Redos
added 2024/08/16 12:0 a.m., 38 views

ROS-20240816-10

A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. Exploitation...

CVSS 6.5, AI score 7.3, EPSS 0.3786
Exploits: 0
Redos
added 2024/07/30 12:0 a.m., 22 views

ROS-20240730-07

A vulnerability in the PHP interpreter is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to install a standard, unsafe cookie in the victim's browser...

CVSS 6.5, AI score 7.1, EPSS 0.49336
Exploits: 2
BDU FSTEC
added 2023/10/13 12:0 a.m., 4 views

The vulnerability of the phar_dir_read() function in the PHP interpreter allows a hacker to execute arbitrary code.

The vulnerability of the phar_dir_read function in the PHP interpreter arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 7.6, EPSS 0.08003
Exploits: 3, References: 10, Affected Software: 6
BDU FSTEC
added 2023/08/31 12:0 a.m., 5 views

Vulnerability of PHP, C++, Swift, and Node.js drivers of the MongoDB database management system, related to the exposure of protected information, allowing attackers to gain unauthorized access to protected information.

Vulnerabilities in PHP, C++, Swift, and Node.js drivers of the MongoDB database management system, as well as the PHP programming language interpreter, can lead to the exposure of protected information. Exploiting these vulnerabilities can allow attackers to gain unauthorized access to protected...

CVSS 4.6, AI score 6.6, EPSS 0.00492
Exploits: 0, References: 9, Affected Software: 6
Metasploit
added 2023/03/17 7:52 p.m., 286 views

Open Web Analytics 1.7.3 - Remote Code Execution (RCE)

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ' use exploit/multi/http/openwebanalyticsrce msf...

CVSS 9.8, AI score 8.6, EPSS 0.99134
Exploits: 14
NVD
added 2022/11/09 7:15 a.m., 34 views

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations...

CVSS 9.8, EPSS 0.02555
Exploits: 3, References: 4
OpenVAS
added 2022/08/26 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-99-2)

The remote host is missing an update for the...

CVSS 10, AI score 6.7, EPSS 0.03735
Exploits: 0, References: 2
BDU FSTEC
added 2022/04/27 12:0 a.m., 4 views

The vulnerability in the ext/soap/soap.c component of the PHP interpreter allows attackers to escalate their privileges.

The vulnerability of the ext/soap/soap.c component of the PHP interpreter is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to gain increased privileges...

CVSS 7.5, AI score 7.8, EPSS 0.09747
Exploits: 0, References: 14, Affected Software: 3
BDU FSTEC
added 2022/04/27 12:0 a.m., 5 views

The vulnerability of the mkgmtime function (libxmlrpc/xmlrpc.c) in the PHP programming language allows a perpetrator to

The vulnerability of the mkgmtime function (libxmlrpc/xmlrpc.c) in the PHP interpreter is caused by buffer overflow...

CVSS 7.8, AI score 8.2, EPSS 0.27018
Exploits: 1, References: 26, Affected Software: 5