186 matches found
EUVD-2023-3033
Malicious code in bioql PyPI...
EUVD-2023-2470
Malicious code in bioql PyPI...
CLSA-2025-1758892982 php: Fix of CVE-2017-9228
CVE-2017-9228: fix heap out-of-bounds write in bitsetsetrange and parsecharclass functions...
CLSA-2025-1758892974 php: Fix of CVE-2017-9228
CVE-2017-9228: fix heap out-of-bounds write in bitsetsetrange and parsecharclass functions...
CLSA-2025-1758020272 Update of alt-php
Bump ABI 5.4.0-221...
CLSA-2025-1757947715 php: Fix of 3 CVEs
CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...
CLSA-2025-1756323917 php: Fix of CVE-2025-1736
CVE-2025-1736: fix incorrect validation of CRLF in http headers...
Linux Distros Unpatched Vulnerability : CVE-2021-32708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specif...
CLSA-2025-1754384758 php: Fix of CVE-2025-6491
CVE-2025-6491: fix buffer overflow vulnerability...
CVE-2025-54119 ADOdb's sqlite3 driver allows SQL injection
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...
ADOdb SQL注入漏洞
ADOdb is a PHP database library in ADOdb open source. A SQL injection vulnerability exists in ADOdb 5.22.9 and earlier versions, which stems from improper query parameter escaping and can lead to SQL injection attacks...
CLSA-2025-1753953101 php: Fix of CVE-2025-1735
CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...
CLSA-2025-1753768680 php: Fix of CVE-2025-1220
CVE-2025-1220: error if host contains null bytes in the middle of the string...
CVE-2024-41811
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. CSRF. All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded. Version...
CVE-2024-45046
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker...
CVE-2024-28864
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...
CVE-2024-56411
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...
CVE-2023-41330
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...
CLSA-2025-1747740986 php: Fix of 3 CVEs
CVE-2025-1217: fix handling of folded headers by the http stream parser - CVE-2025-1734: fix validation of http headers with missing colon - CVE-2025-1861: fix incorrect http redirect location truncation...
CLSA-2025-1747690840 php: Fix of 3 CVEs
CVE-2025-1217: fix handling of folded headers by the http stream parser - CVE-2025-1734: fix validation of http headers with missing colon - CVE-2025-1861: fix incorrect http redirect location truncation...