Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

Fedora 42 : phpunit8 (2026-8a7678fa99)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8a7678fa99 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

CVE-2024-6565

The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. This is due to the plugin utilizing the aura library and allowing direct access to the phpunit test files. This makes it possibl...