Lucene search
+L

215 matches found

OSV
OSV
added 2026/05/12 8:56 a.m.9 views

BIT-PHP-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 8:50 a.m.8 views

BIT-LIBPHP-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40280

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:17 p.m.13 views

SUSE CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

6.3CVSS6.2AI score0.0021EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017556 advisory. In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root a...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References4
NVD
NVD
added 2026/05/10 5:16 a.m.16 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS0.0021EPSS
Exploits1References1
OSV
OSV
added 2026/05/10 5:16 a.m.8 views

UBUNTU-CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/10 3:27 a.m.6 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/08 11:38 a.m.10 views

CLSA-2026-1778055087 php: Fix of 3 CVEs

CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...

6.1CVSS6.8AI score0.13204EPSS
Exploits2References1
CloudLinux
CloudLinux
added 2026/05/08 11:38 a.m.13 views

php: Fix of 3 CVEs

CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...

6.1CVSS6.6AI score0.13204EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.24 views

PT-2026-39445

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Improper sanitation of user data allows an attacker to compose a URL that executes arbitrary...

9.8CVSS6AI score0.0078EPSS
Exploits1References99
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.18 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: grafana-pyroscope, kaf, gcp-compute-persistent-disk-csi-driver, knative-client, buildah, terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, addon-resizer, flux-image-reflector-controller, nats, yq, kubecolor, redpanda, nri-mssql, coredns,...

7.5CVSS7.6AI score0.00728EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.5 views

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: grafana-pyroscope, kaf, gcp-compute-persistent-disk-csi-driver, knative-client, buildah, terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, addon-resizer, flux-image-reflector-controller, nats, yq, kubecolor, redpanda, nri-mssql, coredns,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.8 views

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: grafana-pyroscope, kaf, gcp-compute-persistent-disk-csi-driver, knative-client, buildah, terraform-provider-pagerduty, mockgen, kubernetes-dashboard-metrics-scraper, addon-resizer, flux-image-reflector-controller, nats, yq, redpanda, nri-mssql, overmind, coredns,...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : php:8.1 (AXSA:2024-9437:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9437:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

7.5CVSS7.8AI score0.49336EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : php:8.2 (AXSA:2024-9503:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9503:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

7.5CVSS7.8AI score0.49336EPSS
Exploits7References7
GithubExploit
GithubExploit
added 2025/10/24 7:0 a.m.335 views

Exploit for Out-of-bounds Write in Php

PHuiP-FPizdaM What's this This is an exploit for a bug in...

9.8CVSS7.9AI score0.9947EPSS
Exploits56
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3274

Malware in sbrugna...

5.5CVSS5.6AI score0.00353EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-29028

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.01122EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22119

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.01006EPSS
Exploits0References3
Rows per page
Query Builder