654 matches found

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 8 views

Linux Distros Unpatched Vulnerability : CVE-2018-17082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a Transfer-Encoding:...

CVSS 6.1 | AI score 6.6 | EPSS 0.04103
Exploits: 1 | References: 2

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 14 views

Linux Distros Unpatched Vulnerability : CVE-2018-10548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to...

CVSS 7.5 | AI score 6.9 | EPSS 0.08787
Exploits: 0 | References: 2

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 22 views

Linux Distros Unpatched Vulnerability : CVE-2017-9226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read...

CVSS 9.8 | AI score 7.1 | EPSS 0.07511
Exploits: 1 | References: 2

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 19 views

Linux Distros Unpatched Vulnerability : CVE-2017-7272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is...

CVSS 7.4 | AI score 7.4 | EPSS 0.03514
Exploits: 2 | References: 3

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 20 views

Linux Distros Unpatched Vulnerability : CVE-2015-5589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer...

CVSS 10 | AI score 8.1 | EPSS 0.06303
Exploits: 0 | References: 2

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 20 views

Linux Distros Unpatched Vulnerability : CVE-2015-4147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array...

CVSS 7.5 | AI score 7 | EPSS 0.12269
Exploits: 1 | References: 2

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 15 views

Linux Distros Unpatched Vulnerability : CVE-2016-7127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers ...

CVSS 9.8 | AI score 8.1 | EPSS 0.06842
Exploits: 1 | References: 2

Tenable Nessus
• added 2025/03/04 12:0 a.m. • 19 views

Linux Distros Unpatched Vulnerability : CVE-2015-4026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which...

CVSS 7.5 | AI score 7.3 | EPSS 0.1918
Exploits: 1 | References: 2

Tenable Nessus
• added 2025/03/03 12:0 a.m. • 21 views

Linux Distros Unpatched Vulnerability : CVE-2006-7243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe...

CVSS 5 | AI score 7.2 | EPSS 0.05363
Exploits: 2 | References: 2

Tenable Nessus
• added 2025/03/03 12:0 a.m. • 10 views

Linux Distros Unpatched Vulnerability : CVE-2010-3870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it...

CVSS 6.8 | AI score 6.7 | EPSS 0.11281
Exploits: 1 | References: 2

Packet Storm
• added 2025/02/10 12:0 a.m. • 357 views

ABB Cylon Aspect 3.08.02 PHP Session Fixation

ABB Cylon Aspect version 3.08.02 is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected cross site scripting vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixate...

CVSS 9.3 | AI score 6.2 | EPSS 0.00427
Exploits: 4

RedhatCVE
• added 2025/02/06 2:22 a.m. • 5 views

CVE-2025-22508

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion. This issue affects FAT Event Lite: from n/a through = 1.1...

CVSS 8.1 | AI score 7.2 | EPSS 0.00678
Exploits: 0 | References: 1

RedhatCVE
• added 2025/02/05 8:18 p.m. • 9 views

CVE-2022-4606

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3...

CVSS 9.8 | AI score 6.8 | EPSS 0.35435
Exploits: 1 | References: 1

RedhatCVE
• added 2025/02/05 12:23 p.m. • 6 views

CVE-2024-52381

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion. This issue affects ZIJ KART: from n/a through = 1.1...

CVSS 8.1 | AI score 7.2 | EPSS 0.00566
Exploits: 0 | References: 1

RedhatCVE
• added 2025/02/05 4:3 a.m. • 4 views

CVE-2024-54225

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through = 1.4.1...

CVSS 7.5 | AI score 7.2 | EPSS 0.00751
Exploits: 0 | References: 1

OSV
• added 2025/01/14 7:24 p.m. • 17 views

BIT-PHP-MIN-2020-7061 heap-buffer-overflow in phar_extract_file

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

CVSS 9.1 | AI score 8.8 | EPSS 0.03869
Exploits: 1 | References: 4

CNVD
• added 2025/01/10 12:0 a.m. • 5 views

WordPress plugin Email Reminders cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Email Reminders version 2.0.5 and previous versions of cross-site scripting vulnerabili...

CVSS 5.9 | AI score 6.6 | EPSS 0.00295
Exploits: 0 | References: 1

CNVD
• added 2025/01/10 12:0 a.m. • 7 views

WordPress Plugin DynamicTags SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists in WordPress plugin DynamicTags version 1.4.0 and earlier versions,...

CVSS 8.5 | AI score 7.8 | EPSS 0.00353
Exploits: 0 | References: 1

Rockylinux
• added 2024/12/19 4:19 a.m. • 21 views

php:8.2 security update

An update is available for php-pecl-zip, module.php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-xdebug3, php-pecl-rrd, module.php-pecl-rrd, module.php-pecl-zip, php-pecl-apcu. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 7.5 | AI score 7.2 | EPSS 0.3786
Exploits: 5

OSV
• added 2024/12/19 4:18 a.m. • 24 views

RLSA-2024:10951 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756); php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096); php: Filter bypass in filter_var...

CVSS 7.5 | AI score 6.8 | EPSS 0.3786
Exploits: 5 | References: 7