Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005380 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient...

PT-2026-22994

Name of the Vulnerable Software and Affected Versions Idno versions prior to 1.6.4 Description Idno, a social publishing platform, contains a remote code execution vulnerability that can be triggered through a chained sequence of issues. Specifically, a web application administrator can be...

📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panels PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper handling of the POST parameter openidurl in the file/index.php file, which could lead to blind SRFI attacks...

Chamilo SQL注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a SQL injection vulnerability, which stemmed from a time-based SQL injection in the /main/webservices/registration.soap.php file...

Linux Distros Unpatched Vulnerability : CVE-2026-22205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protect...

Exploit for CVE-2026-3395

CVE‑2026‑3395 — MaxSite CMS Unauthenticated Remote Code Execut...

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005378)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005378 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP...

CVE-2019-25490

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

CVE-2024-10938

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

CVE-2026-2471

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

CVE-2026-2471

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542

The CVE-2026-1542 entry concerns the Super Stage WP WordPress plugin (vulnerable through 1.0.1). It describes an insecure unserialization of user input from REQUEST, leading to PHP Object Injection when a suitable gadget exists on the blog. The vulnerability is exploitable by unauthenticated user...

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...