Lucene search

710 matches found

ATTACKERKB
added 2026/01/19 6:6 p.m. | 2 views

CVE-2026-23836

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...

9.9 CVSS | 5.9 AI score | 0.00392 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/18 12:0 a.m. | 7 views

PT-2026-3393

Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 1.0. Description: A security flaw exists in PHPGurukul News Portal that allows for cross-site request forgery. This issue is triggered by manipulating an unknown function and can be exploited remotely. The exploit ...

5.3 CVSS | 4.8 AI score | 0.00197 EPSS
Exploits: 1 | References: 7
Tenable Nessus
added 2026/01/16 12:0 a.m. | 7 views

MiracleLinux 7 : rh-php70-php-7.0.27-1.el7 (AXSA:2018-3021:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3021:01 advisory. php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412); php: Use after free in wddx_deserialize (CVE-2016-7413); php: O...

9.8 CVSS | 7.3 AI score | 0.80259 EPSS
Exploits: 20 | References: 38
Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 4 : file-5.04-21.AXS4 (AXSA:2014-614:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-614:01 advisory. Description: The file command is used to identify a particular file according to the type of data contained by the file. File can identify many...

6.5 CVSS | 8 AI score | 0.20805 EPSS
Exploits: 2 | References: 8
Tenable Nessus
added 2026/01/14 12:0 a.m. | 7 views

MiracleLinux 4 : php-5.3.2-6.AXS4.1 (AXSA:2011-39:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-39:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

6.8 CVSS | 7.6 AI score | 0.15103 EPSS
Exploits: 9 | References: 5
Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : gd-2.0.33-9.4.2.1.AXS3 (AXSA:2010-56:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-56:01 advisory. The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood...

9.3 CVSS | 7 AI score | 0.1021 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

MiracleLinux 3 : php-5.1.6-24.5.1.AXS3 (AXSA:2010-78:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-78:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

9.3 CVSS | 7 AI score | 0.12041 EPSS
Exploits: 5 | References: 7
Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2360

Name of the Vulnerable Software and Affected Versions: CuteEditor for PHP (now referred to as Rich Text Editor) version 6.6. Description: The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiti...

7.5 CVSS | 6.6 AI score | 0.00715 EPSS
Exploits: 1 | References: 7
OSV
added 2026/01/09 2:6 p.m. | 3 views

OESA-2026-1025 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2 CVSS | 7.1 AI score | 0.00573 EPSS
Exploits: 4 | References: 4
CNNVD
added 2026/01/08 12:0 a.m. | 3 views

WordPress plugin Curly security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

8.1 CVSS | 6.7 AI score | 0.00434 EPSS
Exploits: 0 | References: 1
NVD
added 2026/01/07 12:17 p.m. | 3 views

CVE-2025-69080

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a through <= 1.9.8...

8.1 CVSS | 0.00412 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/02 12:0 a.m. | 6 views

Emlog cross-site scripting vulnerability

Emlog is an open source CMS and site building system based on PHP and MySQL. Emlog version 2.5.23 has a cross-site scripting vulnerability, which stems from a stored cross-site scripting flaw in the resource media library function...

5.4 CVSS | 6 AI score | 0.00162 EPSS
Exploits: 1 | References: 2
UbuntuCve
added 2025/12/30 4:15 p.m. | 4 views

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

5.3 CVSS | 5.9 AI score | 0.00405 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2025/12/29 8:54 p.m. | 4 views

CVE-2025-14178

A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causi...

6.5 CVSS | 6.2 AI score | 0.00428 EPSS
Exploits: 1 | References: 4
OSV
added 2025/12/27 8:15 p.m. | 5 views

AZL-73237 CVE-2025-14178 affecting package php for versions less than 8.1.34-1

In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of...

8.2 CVSS | 6.1 AI score | 0.00428 EPSS
Exploits: 1 | References: 1
GithubExploit
added 2025/12/27 1:43 p.m. | 113 views

Small-Customer-Relationship-Management-CRM-in-PHP

No d...

7 AI score
Exploits: 0
RedhatCVE
added 2025/12/19 7:33 a.m. | 3 views

CVE-2025-58890

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion. This issue affects Playful: from n/a through <= 1.19.0...

8.1 CVSS | 7.1 AI score | 0.00415 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/19 7:33 a.m. | 3 views

CVE-2025-58889

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion. This issue affects Towny: from n/a through <= 1.16...

8.1 CVSS | 7.1 AI score | 0.00415 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2025/12/19 12:0 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2025-ce8a4096e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS | 6.5 AI score | 0.00573 EPSS
Exploits: 4 | References: 23
EUVD
added 2025/12/18 9:30 a.m. | 3 views

EUVD-2025-204127

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DetailX detailx allows PHP Local File Inclusion. This issue affects DetailX: from n/a through <= 1.10.0...

8.1 CVSS | 6.6 AI score | 0.00415 EPSS
Exploits: 0 | References: 2