Lucene search
K

93392 matches found

Cvelist
Cvelist
added 2026/02/21 11:2 p.m.29 views

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3CVSS0.00392EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:31 p.m.15 views

CVE-2025-69322

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through 1.5.9...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-69402

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX R rf allows PHP Local File Inclusion.This issue affects R: from n/a through = 1.5...

8.1CVSS5.5AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-69409

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/a through = 3.0.0...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-69373

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through = 2.9.9.9.9.9.7...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.9 views

CVE-2025-69398

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through = 1.7...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-69406

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through = 1.1.7...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.4 views

CVE-2026-22375

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through = 1.2.3...

8.1CVSS5.5AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.4 views

CVE-2026-22373

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through = 1.3.10...

8.1CVSS5.5AI score0.00426EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-22380

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through = 1.2.3...

8.1CVSS5.5AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.4 views

CVE-2026-22364

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...

8.1CVSS5.5AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-22365

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through = 1.0.5...

8.1CVSS5.5AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-22361

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through = 1.0.2...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS5.9AI score0.00359EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/02/21 7:1 a.m.9 views

CVE-2026-27206

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1CVSS6.2AI score0.0074EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/21 7:1 a.m.30 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1CVSS0.0074EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/21 7:1 a.m.3 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1CVSS6.2AI score0.0074EPSS
Exploits0References3
CVE
CVE
added 2026/02/21 7:1 a.m.19 views

CVE-2026-27206

The CVE concerns Zumba Json Serializer for PHP. Versions 3.2.2 and earlier allow deserialization of PHP objects from JSON via an @type field, which can instantiate any class specified without restrictions. If attacker-controlled JSON reaches JsonSerializer::unserialize() and the app contains clas...

8.1CVSS6.2AI score0.0074EPSS
Exploits0References3
OSV
OSV
added 2026/02/21 7:1 a.m.7 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1CVSS6.3AI score0.0074EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.11 views

CVE-2026-27343

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

7.5CVSS5.5AI score0.00423EPSS
Exploits0References1
Rows per page
Query Builder