RLSA-2026:2799 Moderate: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in array_merge (CVE-2025-14178); php: PHP: Information disclosure via getimagesize function when reading multi-chunk images (CVE-2025-14177). For more details about the...
CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...
CVE-2025-14577
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...
CVE-2025-14577 PHP Function Injection in Slican NCP/IPL/IPM/IPU
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...
WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions <= 1.3.6...
WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions <= 4.4.7...
CVE-2026-3069
A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...
CVE-2026-3069
The CVE-2026-3069 entry concerns itsourcecode Document Management System 1.0. Affected is the /edtlbls.php file, where manipulating the field1 argument leads to SQL injection. The vulnerability is described as exploitable remotely and publicly disclosed. Connected sources corroborate the affected...
CVE-2026-3068 itsourcecode Document Management System deluser.php SQL injection
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Manipulating the argument user2del can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the...
Slican multiple products access control error vulnerability
Slican NCP, IPL and IPM are products of the Polish company Slican. Slican NCP is an IP communication server. Slican IPL is an Internet Protocol Private Branch switch. Slican IPM is an IP phone switch server. Several Slican products have vulnerabilities related to access control, which originate from PHP...
itsourcecode Document Management System SQL injection vulnerability
itsourcecode Document Management System is an open-source document management system developed by itsourcecode. Version 1.0 of the itsourcecode Document Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter field1 in the file...
PT-2026-21662
Name of the Vulnerable Software and Affected Versions: itsourcecode Document Management System version 1.0. Description: A security issue exists in itsourcecode Document Management System version 1.0. The manipulation of the field1 parameter in the /edtlbls.php file can lead to SQL injection. The...
Cisco AppDynamics PHP Agent Privilege Escalation (cisco-sa-appd-php-authpriv-gEBwTvu5)
According to its self-reported version, Cisco AppDynamics is affected by a vulnerability. - A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient...
SPIP Saisies 5.11.0 Remote Code Execution
This Metasploit module exploits a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected...
SPIP Saisies 5.11.0 Remote Code Execution
Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...
ROS-20260224-73-0012
Vulnerability in php-itop related to a flaw in the authorization mechanism. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CVE-2026-3042
The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. Manipulation of the argument xajaxargs causes OS command injection. The attack can be carried out remotely. The exploit has...
CVE-2019-25446
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...