21 matches found

ATTACKERKB
added 2026/03/24 7:26 p.m. · 6 views

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

6.3 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-53515

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.00191 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-50002

Malicious code in bioql PyPI...

5.3 CVSS · 6.5 AI score · 0.01259 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 10:44 a.m. · 5 views

CVE-2024-9546

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

5.3 CVSS · 6.9 AI score · 0.01259 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/08 4:29 a.m. · 14 views

CVE-2024-57071

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

7.5 CVSS · 6.7 AI score · 0.00191 EPSS
Exploits: 0 · References: 1
NVD
added 2025/02/05 10:15 p.m. · 8 views

CVE-2024-57071

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

7.5 CVSS · 0.00191 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/02/05 12:0 a.m. · 11 views

CVE-2024-57071

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

0.00191 EPSS
Exploits: 0 · References: 1
CVE
added 2025/02/05 12:0 a.m. · 46 views

CVE-2024-57071

CVE-2024-57071 affects php-parser v3.2.1 through a prototype pollution in the lib.combine function, enabling DoS with a crafted payload. Connected sources confirm the vulnerability and provide a workaround (disable lib.combine) while noting no public exploit details in the documents. Exploitation...

7.5 CVSS · 6.8 AI score · 0.00191 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/05 12:0 a.m. · 3 views

PT-2025-5770 · Unknown · Php-Parser

Name of the Vulnerable Software and Affected Versions: php-parser version 3.2.1. Description: A prototype pollution in the lib.combine function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For php-parser version 3.2.1, consider disabling the...

7.5 CVSS · 7.1 AI score · 0.00191 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2025/02/05 12:0 a.m. · 5 views

CVE-2024-57071

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

6.7 AI score · 0.00191 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/15 12:15 a.m. · 2 views

CVE-2024-9546

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

5.3 CVSS · 5.9 AI score · 0.01259 EPSS
Exploits: 0 · References: 2
NVD
added 2024/10/15 12:15 a.m. · 12 views

CVE-2024-9546

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

5.3 CVSS · 0.01259 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/10/14 11:29 p.m. · 14 views

CVE-2024-9546 WPIDE <= 3.4.9 - Unauthenticated Full Path Disclosure

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

5.3 CVSS · 5.5 AI score · 0.01259 EPSS
Exploits: 0 · References: 2
CVE
added 2024/10/14 11:29 p.m. · 40 views

CVE-2024-9546

CVE-2024-9546 affects the WPIDE – File Manager & Code Editor WordPress plugin (versions up to and including 3.4.9). The issue is an Unauthenticated Full Path Disclosure caused by the plugin’s use of the PHP-Parser library, which outputs parser rebuild command results. The disclosed information ca...

5.3 CVSS · 5.8 AI score · 0.01259 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/10/14 11:29 p.m. · 18 views

CVE-2024-9546 WPIDE <= 3.4.9 - Unauthenticated Full Path Disclosure

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

5.3 CVSS · 0.01259 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/10/14 12:0 a.m. · 2 views

WordPress plugin WPIDE information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information...

5.3 CVSS · 6.4 AI score · 0.01259 EPSS
Exploits: 0 · References: 2
Snyk
added 2022/08/03 8:7 a.m. · 1 views

Malicious Package

Overview: tolerant-php-parser-server is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

9.8 CVSS · 7.1 AI score
Exploits: 0 · References: 3
OSV
added 2020/06/03 2:15 p.m. · 10 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8 CVSS · 8.2 AI score
Exploits: 0 · References: 5
RedHat Linux
added 2014/10/30 7:45 p.m. · 2 views

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the php_parserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record function to perform a DNS query...

6.8 CVSS · 7.3 AI score · 0.06957 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2014/10/30 7:45 p.m. · 1 views

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the php_parserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record function to perform a DNS query...

6.8 CVSS · 7.3 AI score · 0.06957 EPSS
Exploits: 0 · References: 4