Lucene search
K

4705 matches found

RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.10 views

php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

A flaw was found in PHP. When an attacker input can influence the encoding passed to mbregexencoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 12:30 p.m.9 views

EUVD-2026-34253

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46223

A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument page causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to t...

5.3CVSS4.3AI score0.00273EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/02 8:30 p.m.47 views

CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:50 p.m.10 views

CVE-2025-69369

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 1:48 p.m.39 views

CVE-2025-58897 WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

8.1CVSS0.00337EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45740

Name of the Vulnerable Software and Affected Versions Axiomthemes Spin versions prior to 1.8 Description Improper control of filename for include/require statements in the PHP program allows for Local File Inclusion. This occurs when the application fails to properly validate the file path used i...

8.1CVSS5.8AI score0.00337EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

WordPress plugin WaveRide 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.5AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.10 views

CVE-2018-25416 AiOPMSD Final 1.0.0 SQL Injection via country.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.30 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...

6.9CVSS5.8AI score0.00469EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.11 views

CVE-2026-9448

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly...

5.3CVSS4.1AI score0.00336EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Amazon Linux 2 : php, --advisory ALAS2-2026-3316 (ALAS-2026-3316)

The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3316 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object...

9.8CVSS6.1AI score0.00739EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/26 11:56 p.m.8 views

PHP Remote File Inclusion

Overview Affected versions of this package are vulnerable to PHP Remote File Inclusion via the Users collection lookup process. An attacker can include arbitrary PHP files and probe for the existence of directories by supplying crafted user IDs containing path traversal sequences. Remediation...

8.8CVSS5.9AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 7:49 a.m.26 views

CVE-2026-39661

CVE-2026-39661 affects the WordPress SW Core plugin (versions ≤ 1.7.18). The issue is a PHP Local File Inclusion due to improper control of the filename used in include/require (the vulnerability aligns with a PHP Remote File Inclusion pattern). The CVSS metrics indicate NETWORK attack vector, HI...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.15 views

PT-2026-43086

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRST NAME results in cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00248EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the circular.php file, where the frmid POST parameter was directly inserted into...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42493

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm id POST parameter directly into an HTML form input value attribute. Attackers ca...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42480

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id POST parameter directly into an HTML form input value attribute. Attackers ca...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References4
NVD
NVD
added 2026/05/20 8:16 p.m.18 views

CVE-2026-35008

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

5.1CVSS0.00221EPSS
Exploits0References3
Rows per page
Query Builder