654 matches found
CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...
CVE-2025-52715
Affected software: WordPress Classified Listing plugin (WordPress Classified Listing) versions ≤ 4.2.0. Vulnerability: Local File Inclusion (PHP Remote File Inclusion) due to Improper Control of Filename for Include/Require statements in PHP. Impact: Potential exposure of local files via crafted ...
TencentOS Server 4: openssl (TSSA-2024:0914)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0914 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: php (TSSA-2025:0004)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0004 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2025-24460 · WordPress · Bodycenter - Gym
Name of the Vulnerable Software and Affected Versions: BodyCenter - Gym, Fitness WooCommerce WordPress Theme versions n/a through 2.4 Description: The issue affects the BodyCenter - Gym, Fitness WooCommerce WordPress Theme, allowing for PHP Local File Inclusion due to improper control of filename...
CVE-2025-49308 WordPress WP Travel Engine <= 6.5.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1...
CVE-2025-49307 WordPress WP Multilang <= 2.4.19 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Magazine3 WP Multilang allows PHP Local File Inclusion. This issue affects WP Multilang: from n/a through 2.4.19...
CVE-2025-32286 WordPress Butcher <= 2.40 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Butcher allows PHP Local File Inclusion. This issue affects Butcher: from n/a through 2.40...
CVE-2025-32309 WordPress Healsoul <= 2.0.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2...
CVE-2024-52385
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpmart Team Member team-showcase-supreme. This issue affects Team Member: from n/a through = 7.4...
CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString` on an object even if the `__toString` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...
CVE-2023-37260
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException...
CVE-2020-28925
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance...
CVE-2019-19989
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...
php:8.3 security update
php 8.3.19-1 - rebase to 8.3.19 8.3.15-1 - rebase to 8.3.15 8.3.12-1 - rebase to 8.3.12 RHEL-62189 - enable command history in phpdbg - backport Argon2 password hashing in OpenSSL ext - build sockets extension statically - switch to nikic/php-parser version 5 - openssl: always warn about missing...
php security update
8.0.30-3 - Fix libxml streams use wrong content-type header when requesting a redirected resource CVE-2025-1219 - Fix Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 - Fix Stream HTTP wrapper truncate redirect location to 1024 bytes CVE-2025-1861 - Fix Streams HTTP...
CVE-2004-2664
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message...
RHSA-2025:7489 Red Hat Security Advisory: php security update
Bulletin has no description...
RHSA-2025:7432 Red Hat Security Advisory: php:8.2 security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...