CVE-2026-8705

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

AZL-59306 CVE-2025-1861 affecting package php for versions less than 8.1.32-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

PT-2020-6128 · Php +2 · Php +2

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB version 9.0 Enterprise Edition Description: The issue is related to insufficient input validation in the Chadha PHPKB software. This allows a remote unauthenticated attacker to disclose local files on hosts running PHP versions...