93378 matches found

OSV
added 2026/02/24 6:43 p.m., 8 views

RLSA-2026:2799 Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in array_merge (CVE-2025-14178); php: PHP: Information disclosure via getimagesize function when reading multi-chunk images (CVE-2025-14177). For more details about the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00474
Exploits: 3 | References: 3

Vulnrichment
added 2026/02/24 4:33 p.m., 4 views

CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

CVSS 9.3 | AI score 6.2 | EPSS 0.00542
Exploits: 1 | References: 3

OSV
added 2026/02/24 2:16 p.m., 4 views

CVE-2025-14577

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...

CVSS 9.8 | AI score 6 | EPSS 0.00389
Exploits: 0 | References: 2

Cvelist
added 2026/02/24 1:21 p.m., 19 views

CVE-2025-14577 PHP Function Injection in Slican NPC/IPL/IPM/IPU

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...

CVSS 9.3 | EPSS 0.00389
Exploits: 0 | References: 2

Patchstack
added 2026/02/24 11:9 a.m., 8 views

WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions <= 1.3.6...

CVSS 8.1 | AI score 5.5 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/24 10:29 a.m., 8 views

WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions <= 4.4.7...

CVSS 8.8 | AI score 6 | EPSS 0.00355
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2026/02/24 4:2 a.m., 5 views

CVE-2026-3069

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...

CVSS 7.5 | AI score 5.4 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/24 4:2 a.m., 14 views

CVE-2026-3069

The CVE-2026-3069 entry concerns itsourcecode Document Management System 1.0. Affected is the /edtlbls.php file, where manipulating the field1 argument leads to SQL injection. The vulnerability is described as exploitable remotely and publicly disclosed. Connected sources corroborate the affected...

CVSS 9.8 | AI score 7.3 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/02/24 3:32 a.m., 5 views

CVE-2026-3068 itsourcecode Document Management System deluser.php sql injection

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00333
Exploits: 1 | References: 5

CNNVD
added 2026/02/24 12:0 a.m., 6 views

Slican multiple products access control error vulnerability

Slican NCP are products of the Polish company Slican. Slican NCP is an IP communication server. Slican IPL is an Internet Protocol Private Branch switch. Slican IPM is an IP phone switch server. Several Slican products have vulnerabilities related to access control, which originate from PHP...

CVSS 9.8 | AI score 6 | EPSS 0.00389
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:0 a.m., 8 views

itsourcecode Document Management System SQL injection vulnerability

itsourcecode Document Management System is an open-source document management system developed by itsourcecode. Version 1.0 of the itsourcecode Document Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter field1 in the file...

CVSS 9.8 | AI score 7.1 | EPSS 0.00333
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/24 12:0 a.m., 7 views

PT-2026-21662

Name of the Vulnerable Software and Affected Versions: itsourcecode Document Management System version 1.0. Description: A security issue exists in itsourcecode Document Management System version 1.0. The manipulation of the field1 parameter in the /edtlbls.php file can lead to SQL injection. The...

CVSS 9.8 | AI score 6.9 | EPSS 0.00333
Exploits: 1 | References: 12

Tenable Nessus
added 2026/02/24 12:0 a.m., 8 views

Cisco AppDynamics PHP Agent Privilege Escalation (cisco-sa-appd-php-authpriv-gEBwTvu5)

According to its self-reported version, Cisco AppDynamics is affected by a vulnerability. - A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient...

CVSS 7.8 | AI score 5.7 | EPSS 0.00189
Exploits: 0 | References: 2

Packet Storm
added 2026/02/24 12:0 a.m., 126 views

SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected...

CVSS 9.8 | AI score 6.1 | EPSS 0.05126
Exploits: 5

Packet Storm
added 2026/02/24 12:0 a.m., 124 views

SPIP Saisies 5.11.0 Remote Code Execution

Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...

CVSS 9.8 | AI score 6.1 | EPSS 0.05126
Exploits: 5

Redos
added 2026/02/24 12:0 a.m., 7 views

ROS-20260224-73-0012

Vulnerability in php-itop related to a flaw in the authorization mechanism. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 8.7 | AI score 5.5 | EPSS 0.00269
Exploits: 0

CVE
added 2026/02/23 11:2 p.m., 14 views

CVE-2026-3042

The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...

CVSS 9.8 | AI score 7.3 | EPSS 0.00425
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/02/23 7:32 p.m., 9 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 9.8 | AI score 7.1 | EPSS 0.05403
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/23 1:30 p.m., 4 views

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

CVSS 8.8 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/23 1:30 p.m., 6 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5 | AI score 5.7 | EPSS 0.0031
Exploits: 1 | References: 1