RHEL 9 : php (RHSA-2026:4266)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4266 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge...

PT-2026-24668

🚨 CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

PT-2026-24587

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

WordPress plugin divi-booster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

PT-2026-24797

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurar produto.php. The id produto parameter from $ GET is directly interpolated into SQL queries without...

RHEL 9 : php (RHSA-2026:4212)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4212 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge...

CVE-2026-28495

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

EUVD-2026-10811

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

GHSA-CFPV-RMPF-F624 Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: gitea, secrets-store-csi-driver-provider-azure, timescaledb-parallel-copy, argo-events, volume-modifier-for-k8s, crossplane-provider-aws-cloudfront, amazon-cloudwatch-agent-operator, cluster-api-provider-vsphere, kind, dask-gateway, gogatekeeper,...

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: gitea, secrets-store-csi-driver-provider-azure, timescaledb-parallel-copy, argo-events, volume-modifier-for-k8s, crossplane-provider-aws-cloudfront, amazon-cloudwatch-agent-operator, cluster-api-provider-vsphere, kind, dask-gateway, gogatekeeper,...

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: gitea, secrets-store-csi-driver-provider-azure, timescaledb-parallel-copy, argo-events, volume-modifier-for-k8s, crossplane-provider-aws-cloudfront, amazon-cloudwatch-agent-operator, cluster-api-provider-vsphere, kind, dask-gateway, gogatekeeper, xcaddy,...

WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Love Story versions = 1.3.12...

WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Work & Travel Company versions = 1.2...

WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Buisson versions = 1.1.11...

WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin TotalContest Lite versions = 2.9.1...