215 matches found
BIT-PHP-2026-6735 XSS within PHP-FPM status endpoint
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
BIT-LIBPHP-2026-6735 XSS within PHP-FPM status endpoint
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
PT-2026-40280
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
SUSE CVE-2026-6735
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017556)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017556 advisory. In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root a...
CVE-2026-6735
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
UBUNTU-CVE-2026-6735
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
CVE-2026-6735
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
CLSA-2026-1778055087 php: Fix of 3 CVEs
CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...
php: Fix of 3 CVEs
CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...
PT-2026-39445
Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Improper sanitation of user data allows an attacker to compose a URL that executes arbitrary...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope, kaf, gcp-compute-persistent-disk-csi-driver, knative-client, buildah, terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, addon-resizer, flux-image-reflector-controller, nats, yq, kubecolor, redpanda, nri-mssql, coredns,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope, kaf, gcp-compute-persistent-disk-csi-driver, knative-client, buildah, terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, addon-resizer, flux-image-reflector-controller, nats, yq, kubecolor, redpanda, nri-mssql, coredns,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: grafana-pyroscope, kaf, gcp-compute-persistent-disk-csi-driver, knative-client, buildah, terraform-provider-pagerduty, mockgen, kubernetes-dashboard-metrics-scraper, addon-resizer, flux-image-reflector-controller, nats, yq, redpanda, nri-mssql, overmind, coredns,...
MiracleLinux 9 : php:8.1 (AXSA:2024-9437:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9437:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...
MiracleLinux 9 : php:8.2 (AXSA:2024-9503:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9503:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...
Exploit for Out-of-bounds Write in Php
PHuiP-FPizdaM What's this This is an exploit for a bug in...
EUVD-2015-3274
Malware in sbrugna...
EUVD-2021-29028
Malicious code in bioql PyPI...
EUVD-2025-22119
Malicious code in bioql PyPI...