PT-2026-39446

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Certain functions, including urldecode, pass signed characters to ctype functions such as...

Admidio 代码问题漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 had code vulnerabilities. These vulnerabilities stemmed fr...

PT-2026-39445

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Improper sanitation of user data allows an attacker to compose a URL that executes arbitrary...

PT-2026-39444

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description A use-after-free issue exists in the SOAP extension's object deduplication mechanism, specifical...

PT-2026-39449

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description A mistake in the decoding process of a SOAP server with a configured typemap causes the system t...

PT-2026-38617

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description An authenticated unrestricted file upload issue exists in the product image upload functionality. An attacker with valid credentials can bypass MIME type validation by prepending GIF89a magi...

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...

PT-2026-39448

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description When SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016519 advisory. In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, ifa password stored with passwordhash starts with a null byte \x00, testing a blank string ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016501 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error inconvert.quoted-printable-decode filter certain data can lead to buffer...

PHP 8.2.x < 8.2.31 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

PHP 8.3.x < 8.3.31 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016513 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescapefunction on 32-bit systems can cause an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016509 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and requestfulluri option, the URI is not proper...

Bludit CMS 3.18.4 - RCE

Exploit Title: Bludit CMS 3.18.4 - RCE Date: 2026-03-28 Exploit Author: Yahia Hamza https://yh.do Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip Version: Bludit . The uploadFile function performs no file extension or content...

PHP 8.4.x < 8.4.21 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.4.21. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.4.21 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CVE-2026-40296

PhpSpreadsheet is affected by a stored XSS in the HTML writer when a cell uses a custom number format containing the text placeholder @. If the formatted value diverges from the original value (e.g., formats like ". @", "@ ", or "x@"), htmlspecialchars() escaping is skipped, allowing unescaped HT...

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...