CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Snyk•added 2026/05/07 7:43 p.m.•3 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via the Installer process. An attacker can access sensitive server configuration, environment variables, filesystem paths, and loaded PHP extensions by sending an unauthenticated GET request with the phpinfo parameter...

6.9CVSS5.8AI score0.00049EPSS

Exploits0References2

RedhatCVE•added 2025/12/10 5:17 p.m.•1 views

CVE-2025-63738

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

4.3CVSS6.8AI score0.0004EPSS

Exploits1References1

NVD•added 2025/12/09 5:15 p.m.•3 views

CVE-2025-63738

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

4.3CVSS0.0004EPSS

Exploits1References1

Cvelist•added 2025/12/09 12:0 a.m.•16 views

CVE-2025-63738

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

0.0004EPSS

Exploits1References1