EUVD-2026-11903

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through = 8.1...

CVE-2026-28021

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Craftis craftis allows PHP Local File Inclusion.This issue affects Craftis: from n/a through = 1.2.8...

CVE-2026-22425 WordPress Sweet Jane theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through = 1.2...

CVE-2026-22380

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through = 1.2.3...

CVE-2026-27343 WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

CVE-2025-69060

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through = 1.3.3...

MiracleLinux 4 : php-5.3.2-6.AXS4.1 (AXSA:2011-39:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-39:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

EUVD-2025-202112

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through = 1.2.17...

CVE-2025-60190

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File Inclusion.This issue affects Immocaster WordPress Plugin: from n/a through = 1.3.6...

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

The vulnerability of the PHP programming language interpreter arises from the lack of measures taken to eliminate special elements used in operating system commands, allowing attackers to execute arbitrary code.

The vulnerability of the PHP programming language interpreter exists because measures to neutralize the special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP...

SUSE CVE-2005-0524

The phphandleiff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service infinite loop via a -8 size value...

SUSE CVE-2006-5465

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the 1 htmlentities or 2 htmlspecialchars functions...

SUSE CVE-2011-4153

PHP 5.3.8 does not always check the return value of the zendstrndup function, which might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...

The vulnerability of the `object_custom` function in the PHP programming language allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the objectcustom function located in ext/standard/varunserializer.c in the PHP interpreter is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

The vulnerability of the sessions subsystem in the PHP programming language interpreter allows attackers to intercept user sessions.

The vulnerability of the PHP interpreter’s sessions subsystem is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to intercept a user’s session...

The vulnerability of the http_header_value function (ext/standard/http_fopen_wrapper.c) in the PHP programming language allows a attacker to cause a service failure.

The vulnerability of the httpheadervalue function ext/standard/httpfopenwrapper.c in the PHP programming language is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

CVE-2021-3007

Laminas-http

The vulnerability in the implementation of the getheaders() function in the PHP interpreter allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the getheaders function implementation in the PHP programming language is related to insufficient validation of input data when processing links using the \0 symbol. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...