71 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-0146

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.0117
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-1779

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 6.6 · EPSS 0.00318
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-5462

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00128
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-12614

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.3 · EPSS 0.0397
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/15 4:34 p.m. · 17 views

CVE-2025-30207

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...

CVSS 7.5 · AI score 6.8 · EPSS 0.00593
Exploits: 0 · References: 1

Veracode
added 2025/05/15 7:27 a.m. · 7 views

Path Traversal

getkirby/cms is vulnerable to Path Traversal. The vulnerability is due to lack of validation in the router to ensure that requested files are within the document root, allowing access checks on files outside the intended directory when using PHP’s built-in server...

CVSS 7.5 · AI score 7 · EPSS 0.00593
Exploits: 0 · References: 7 · Affected Software: 1

NVD
added 2025/05/13 4:15 p.m. · 15 views

CVE-2025-30207

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...

CVSS 7.5 · EPSS 0.00593
Exploits: 0 · References: 4

Github Security Blog
added 2024/08/21 6:29 p.m. · 16 views

Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages: The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact: A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

CVSS 6.1 · AI score 6.6 · EPSS 0.01847
Exploits: 0 · References: 5 · Affected Software: 2

Github Security Blog
added 2024/05/24 6:45 p.m. · 31 views

PHP Server Monitor vulnerable to Cross-site Scripting

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/testscript/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...

CVSS 6.3 · AI score 5.7 · EPSS 0.00318
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/05/24 6:45 p.m. · 16 views

GHSA-RQ7F-J68F-MQH3 PHP Server Monitor vulnerable to Cross-site Scripting

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/testscript/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...

CVSS 6.3 · AI score 6 · EPSS 0.00318
Exploits: 0 · References: 4

NVD
added 2024/05/24 11:15 a.m. · 11 views

CVE-2024-5312

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/testscript/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...

CVSS 6.3 · AI score 6 · EPSS 0.00318
Exploits: 0 · References: 1

Cvelist
added 2024/05/24 10:38 a.m. · 14 views

CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/testscript/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...

CVSS 6.3 · AI score 6 · EPSS 0.00318
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/24 10:38 a.m. · 14 views

CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor

PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/testscript/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...

CVSS 6.3 · AI score 5.8 · EPSS 0.00318
Exploits: 0 · References: 1

CNNVD
added 2024/05/24 12:0 a.m. · 1 view

PHP Server Monitor Cross-Site Scripting Vulnerability

PHP Server Monitor is a script used to check if your website and server are up and running. A cross-site scripting vulnerability exists in PHP Server Monitor version 3.2.0. An attacker exploited the vulnerability to perform a cross-site scripting attack...

CVSS 6.3 · AI score 6.2 · EPSS 0.00318
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/24 12:0 a.m. · 2 views

PT-2024-35585 · Unknown +1 · Php Server Monitor +1

Name of the Vulnerable Software and Affected Versions: PHP Server Monitor version 3.2.0 Description: The issue allows for an XSS attack via the "/phpservermon-3.2.0/vendor/phpmailer/phpmailer/test script/index.php" page, where all visible parameters are vulnerable. An attacker can create a...

CVSS 6.3 · AI score 6.1 · EPSS 0.00318
Exploits: 0 · References: 5

Hacker One
added 2024/01/02 7:22 a.m. · 115 views

HackerOne: Server Side Request Forgery (SSRF) in webhook functionality

A Server-Side Request Forgery (SSRF) vulnerability was found in the webhook functionality. The attacker was able to bypass anti-SSRF protections by using an IPv6 address mapped to IPv4. This allowed unauthorized access to internal AWS EC2 metadata instance...

AI score 7.1
Exploits: 0

Huntr
added 2022/10/02 6:56 p.m. · 24 views

SSRF in feeds

Description: By looking at this URL: https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv, I understand that an SSRF was possible in the URL of the RSS feed, and in fact, this has been fixed. However, I found a bypass to CVE-2022-36112. Proof of Concept: To trigger the bug,...

EPSS 0.00178
Exploits: 0

Check Point Advisories
added 2022/08/10 12:0 a.m. · 1 view

PHP Zerodium Backdoor

An attacker might upload a web shell backdoor to a PHP server via zerodium prefix. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

AI score 3.1
Exploits: 0

Github Security Blog
added 2022/05/14 1:42 a.m. · 13 views

CSRF in PHP Server Monitor before 3.3.2

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action...

CVSS 6.5 · AI score 7 · EPSS 0.00128
Exploits: 1 · References: 5 · Affected Software: 1

Kitploit
added 2021/08/16 12:30 p.m. · 540 views

CamPhish - Grab Cam Shots From Target's Phone Front Camera Or PC Webcam Just Sending A Link.

Grab cam shots from target's phone front camera or PC webcam just sending a link. What is CamPhish? CamPhish is techniques to take cam shots of target's phone front camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will...

AI score 7.4
Exploits: 0 · References: 2