737 matches found

Cvelist
added 2026/03/13 11:42 a.m., 25 views

CVE-2026-32363 WordPress WPLifeCycle plugin <= 3.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1...

CVSS 5.3 | EPSS 0.00214
Exploits: 0 | References: 1

CVE
added 2026/03/13 11:42 a.m., 6 views

CVE-2026-32363

CVE-2026-32363 affects the WordPress WPLifeCycle plugin (free-php-version-info) up to version 3.3.1. The issue is described as Missing Authorization / Broken Access Control, allowing exploitation due to incorrectly configured access control security levels. Affected products and versions are cons...

CVSS 5.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/18 12:0 a.m., 6 views

PT-2026-20385

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the file name parameter which is stored in the database during file upload and later used in raw SQL...

CVSS 6.5 | AI score 6 | EPSS 0.00242
Exploits: 0 | References: 5

Oracle linux
added 2026/02/11 12:0 a.m., 7 views

php:7.4 security update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.33-3 - Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 - Fix Single byte overread wit...

CVSS 9.8 | AI score 6.8 | EPSS 0.02286
Exploits: 10

Tenable Nessus
added 2026/02/06 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005265)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005265 advisory. In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge when t...

CVSS 8.2 | AI score 5.8 | EPSS 0.00428
Exploits: 1 | References: 3

OSV
added 2026/01/28 10:13 a.m., 6 views

RHSA-2026:1429 Red Hat Security Advisory: php:8.3 security update

Bulletin has no description...

CVSS 7.5 | AI score 5.8 | EPSS 0.00573
Exploits: 4 | References: 18

RedhatCVE
added 2026/01/18 8:3 a.m., 9 views

CVE-2025-14478

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

CVSS 7.5 | AI score 7.2 | EPSS 0.0038
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 7 views

MiracleLinux 4 : php-5.3.3-48.AXS4 (AXSA:2016-621:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-621:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

CVSS 8.1 | AI score 7.1 | EPSS 0.50427
Exploits: 0 | References: 2

OSV
added 2025/12/27 8:15 p.m., 2 views

AZL-73198 CVE-2025-14178 affecting package php for versions less than 8.3.29-1

In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of...

CVSS 8.2 | AI score 6.1 | EPSS 0.00428
Exploits: 1 | References: 1

Rockylinux
added 2025/12/27 9:7 a.m., 6 views

php:8.1 security update

An update is available for module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-xdebug3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 9.8 | AI score 9.3 | EPSS 0.49336
Exploits: 6

OpenVAS
added 2025/12/19 12:0 a.m., 3 views

PHP 8.5.x < 8.5.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 8.2 | AI score 7.6 | EPSS 0.00573
Exploits: 4 | References: 6

Tenable Nessus
added 2025/12/19 12:0 a.m., 3 views

PHP 8.1.x < 8.1.34 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.34. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.34 advisory. - Debian Linux - php7.4 - None php8.2 - None php8.4 - None Ubuntu Linux - Unknown description CVE-2025-14177, CVE-2025-14178,...

CVSS 8.2 | AI score 5.6 | EPSS 0.00573
Exploits: 4 | References: 7

Tenable Nessus
added 2025/12/18 12:0 a.m., 4 views

PHP 8.5.x < 8.5.1 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.5.1 advisory. - uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large...

CVSS 8.2 | AI score 5.6 | EPSS 0.00573
Exploits: 4 | References: 8

Tenable Nessus
added 2025/12/18 12:0 a.m., 5 views

PHP 8.4.x < 8.4.16 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.4.16. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.4.16 advisory. - Debian Linux - php7.4 - None php8.2 - None php8.4 - None Ubuntu Linux - Unknown description CVE-2025-14177, CVE-2025-14178,...

CVSS 8.2 | AI score 5.5 | EPSS 0.00573
Exploits: 4 | References: 7

OSV
added 2025/11/20 8:16 p.m., 3 views

CVE-2025-52671

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 8 views

TencentOS Server 3: php:8.0 (TSSA-2023:0257)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0257 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.8 | AI score 7.8 | EPSS 0.08003
Exploits: 6 | References: 7

OSV
added 2025/11/03 4:15 p.m., 1 views

CVE-2025-63452

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php...

CVSS 9.4 | AI score 5.8 | EPSS 0.00379
Exploits: 1 | References: 1

NVD
added 2025/11/03 4:15 p.m., 4 views

CVE-2025-63452

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php...

CVSS 9.4 | EPSS 0.00379
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/03 12:0 a.m., 3 views

CVE-2025-63452

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php...

AI score 7.6 | EPSS 0.00379
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/03 12:0 a.m., 2 views

CVE-2025-63451

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php...

AI score 7.6 | EPSS 0.00442
Exploits: 1 | References: 1