PT-2026-40295

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

CVE-2026-22420

CVE-2026-22420 pertains to the Horizon WordPress theme (AncoraThemes Horizon) with a Local File Inclusion vulnerability via improper control of the include/require filename, affecting Horizon versions up to and including 1.1. Public documentation in the connected sources confirms the vulnerabilit...

CVE-2025-68510

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through 7.7.5...

CVE-2025-58706 WordPress Woo Hoo theme <= 1.25 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through = 1.25...

ROS-20250812-01

A vulnerability in the Guzzle HTTP client library of the PHP programming language interpreter is related to an incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information Vulnerability i...

ROS-20250430-10

The vulnerability in the PHP programming language interpreter is related to flaws in header processing of of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP Request Smuggling attack. hidden HTTP request HTTP Request...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from vulnerability to cross-site request forgery attacks...

ROS-20241015-15

A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...

ROS-20240820-15

A vulnerability in the filtervar function of the PHP programming language interpreter is related to insufficient data authentication. data authentication. Exploitation of the vulnerability could allow an attacker acting remotely, spoof URLs with erroneous data...

ROS-20240816-15

A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. as a result of replacing spaces, periods and open square brackets with underscores. Exploitation...

The vulnerability of the PHP programming language interpreter arises from incorrect restrictions on XML links to external objects. This allows attackers to trigger service failures or gain unauthorized access to confidential data.

The vulnerability of the PHP programming language interpreter is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to confidential data...

The vulnerability of the php_quot_print_encode function in the PHP programming language allows a perpetrator to cause a service failure.

The vulnerability of the phpquotprintencode function in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the ext/phar/tar.c component of the PHP programming language interpreter allows a attacker to trigger a service failure or possibly cause other adverse effects.

The vulnerability of the ext/phar/tar.c component in the PHP programming language arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to cause service interruptions or potentially have other effects using a specially created .TAR archive...

The vulnerability of the php_wddx_process_data function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the phpwddxprocessdata function ext/wddx/wddx.c in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures by using an invalid ISO 8601 time value...

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

The vulnerability relates to the SAPI extension of the PHP-FPM process runner, which is a PHP programming language interpreter. This vulnerability allows attackers to elevate their privileges to root.

The vulnerability of the SAPI extension for the PHP-FPM process interpreter involves access control issues when the processes are executed simultaneously. Exploiting this vulnerability can allow an attacker to gain elevated privileges to root...

Debian DLA-2306-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

Debian DLA-2244-1 : libphp-phpmailer security update

It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The Content-Type and Content-Disposition headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. F...

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any informatio...

The vulnerability of the exif_iif_add_value function in the EXIF interpreter for the PHP programming language allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the exifiifaddvalue function in the EXIF extension of the PHP interpreter is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...