92662 matches found
CVE-2026-6409
A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...
UBUNTU-CVE-2026-6409
A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...
CVE-2026-6409
CVE-2026-6409 is a DoS in the Protobuf PHP library during parsing of untrusted input. Maliciously structured messages—specifically those with negative varints or deep recursion—can crash the application, affecting service availability. Connected sources confirm the vulnerability and its impact on...
CVE-2026-31843
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
CVE-2026-31843
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
CVE-2026-31843
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
CVE-2026-31843
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WooCommerce Product Filters versions 2.0.6...
Exploit for Deserialization of Untrusted Data in Roundcube Webmail
CVE-2025-49113 — Roundcube Post-Auth RCE via PHP Object Deseri...
Arbitrary Code Injection
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PhpHelper::parseArrayToString process. An attacker can execute arbitrary PHP code as the web server user by injecting specially crafted input into...
GHSA-GC9W-CC93-RJV8 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Summary PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter which has no input validation is written...
Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Summary PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter which has no input validation is written...
PT-2026-33337
Name of the Vulnerable Software and Affected Versions SourceCodester Payroll Management and Information System version 1.0 Description SQL Injection exists in the file '/payroll/view employee.php'. Recommendations Update SourceCodester Payroll Management and Information System to a version newer...
CVE-2026-37340
Consolidated view: CVE-2026-37340 affects SourceCodester Simple Music Cloud Community System v1.0, with a SQL Injection flaw in the file /music/edit_music.php. The vulnerability is described across multiple sources as enabling SQL injection, implying potential disclosure, modification, and disrup...
SourceCodester Simple Music Cloud Community System 安全漏洞
SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewuser.php being...
Linux Distros Unpatched Vulnerability : CVE-2026-6409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messagesspecifically thos...
CVE-2026-37339
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewgenre.php...
SourceCodester Simple Music Cloud Community System 安全漏洞
SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewgenre.php being...
CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...