
2592 matches found

RedhatCVE
added 2026/02/04 3:15 a.m., 6 views

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 9.8, AI score 6, EPSS 0.00397
Exploits 0, References 1
Vulnrichment
added 2026/02/03 10:9 p.m., 5 views

CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

CVSS 8.6, AI score 6.9, EPSS 0.00814
Exploits 1, References 4
Vulnrichment
added 2026/02/03 10:1 p.m., 4 views

CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

CVSS 5.3, AI score 5.2, EPSS 0.0015
Exploits 0, References 3
RedhatCVE
added 2026/02/03 3:46 a.m., 6 views

CVE-2025-67484

A flaw was found in MediaWiki. This vulnerability is associated with the includes/Api/ApiFormatXml.Php file. An attacker with high privileges could potentially interact with this flaw. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

CVSS 4.7, AI score 5.1, EPSS 0.00395
Exploits 0, References 4
NVD
added 2026/02/03 1:15 a.m., 5 views

CVE-2025-61650

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from before...

CVSS 4.8, EPSS 0.00247
Exploits 0, References 1
CVE
added 2026/02/03 12:0 a.m., 9 views

CVE-2025-65875

CVE-2025-65875 : Concrete details across sources show an arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier. The root cause is that crafted PHP files can be uploaded, enabling arbitrary code execution. Affected component: FPDF library (FPDF AddFont). Impact is...

CVSS 9.8, AI score 6, EPSS 0.00397
Exploits 0, References 3, Affected Software 1
CNNVD
added 2026/02/03 12:0 a.m., 4 views

Fishing Reservation System SQL injection vulnerability

The Fishing Reservation System is a fishing reservation system developed by Fishing Reservation Company. Version 7.5 of the Fishing Reservation System has a SQL injection vulnerability. This vulnerability stems from multiple remote SQL injection vulnerabilities present in the admin.php, cart.php,...

CVSS 7.1, AI score 5.9, EPSS 0.00198
Exploits 0, References 4
Cvelist
added 2026/02/03 12:0 a.m., 23 views

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8.8, EPSS 0.00397
Exploits 0, References 3
ATTACKERKB
added 2026/02/03 12:0 a.m., 4 views

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8.8, AI score 6, EPSS 0.00519
Exploits 0, References 4
Positive Technologies
added 2026/02/03 12:0 a.m., 5 views

PT-2026-5841

Name of the Vulnerable Software and Affected Versions Maian Support Helpdesk version 4.3 Description The software contains a cross-site request forgery condition that permits attackers to create administrative accounts without needing to authenticate. Attackers can construct malicious HTML forms ...

CVSS 5.3, AI score 5.2, EPSS 0.0015
Exploits 0, References 5
NVD
added 2026/02/02 11:16 p.m., 12 views

CVE-2025-6593

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVSS 2.1, EPSS 0.00396
Exploits 0, References 1
ATTACKERKB
added 2026/02/02 11:3 p.m., 5 views

CVE-2025-6590

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

CVSS 4.6, AI score 5.4, EPSS 0.00325
Exploits 0, References 2
CVE
added 2026/02/02 11:1 p.m., 18 views

CVE-2025-6593

CVE-2025-6593 affects Wikimedia Foundation MediaWiki. A remote attacker could entice a user to interact with malicious content in includes/user/User.Php, potentially leading to disclosure of limited sensitive information. Affected versions include MediaWiki 1.27.0 before 1.39.13, 1.42.7–1.43.2, a...

CVSS 2.1, AI score 5.2, EPSS 0.00396
Exploits 0, References 1
Positive Technologies
added 2026/02/02 12:0 a.m., 6 views

PT-2026-6425

Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

CVSS 9.9, AI score 6.6, EPSS 0.00805
Exploits 1, References 5
ATTACKERKB
added 2026/01/30 8:12 p.m., 4 views

CVE-2026-25129

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...

CVSS 6.7, AI score 6.5, EPSS 0.0028
Exploits 1, References 4, Affected Software 1
NVD
added 2026/01/28 9:16 p.m., 4 views

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVSS 9.8, EPSS 0.00416
Exploits 1, References 5
NVD
added 2026/01/22 5:16 p.m., 14 views

CVE-2026-22464

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion. This issue affects My auctions allegro: from n/a through <= 3.6.33...

CVSS 7.5, EPSS 0.00484
Exploits 0, References 1
Cvelist
added 2026/01/22 4:52 p.m., 19 views

CVE-2025-69071 WordPress TanTum theme <= 1.1.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion. This issue affects TanTum: from n/a through <= 1.1.13...

CVSS 8.1, EPSS 0.00512
Exploits 0, References 1
ATTACKERKB
added 2026/01/22 4:52 p.m., 2 views

CVE-2025-69066

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion. This issue affects Indoor Plants: from n/a through <= 1.2.7...

CVSS 8.1, AI score 5.3, EPSS 0.00512
Exploits 0, References 2
ATTACKERKB
added 2026/01/22 4:52 p.m., 3 views

CVE-2025-69059

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion. This issue affects DiveIt: from n/a through <= 1.4.3...

CVSS 8.1, AI score 5.3, EPSS 0.00512
Exploits 0, References 2