Lucene search

18 matches found

OSV
added 2026/05/25 8:16 p.m. | 3 views

UBUNTU-CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has pre-authentication SQL injection in the virtuser_query plugin via a preg_replace backslash escape bypass...

CVSS 8.1 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 7

Debian CVE
added 2026/05/25 7:6 p.m. | 8 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has pre-authentication SQL injection in the virtuser_query plugin via a preg_replace backslash escape bypass...

CVSS 8.1 | AI score 5.8 | EPSS 0.00128
Exploits: 0

ATTACKERKB
added 2026/02/03 6:29 p.m. | 4 views

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

CVSS 9.2 | AI score 6 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-6286

Name of the Vulnerable Software and Affected Versions: PEAR versions prior to 1.33.0. Description: PEAR, a framework for reusable PHP components, contains a flaw related to the use of the preg_replace function with the /e modifier. This can lead to PHP code execution if attacker-controlled content i...

CVSS 9.8 | AI score 6.1 | EPSS 0.00158
Exploits: 0 | References: 5

CVE
added 2025/12/01 9:43 p.m. | 6 views

CVE-2025-66305

Grav vulnerability CVE-2025-66305: DoS caused by improper input handling in the Languages submenu of the Grav admin panel (/admin/config/system). The issue arises from dynamically constructing a regex from the Supported field without proper validation/escaping, leading to a fatal preg_match() err...

CVSS 6.9 | AI score 5.8 | EPSS 0.00065
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-27716

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00455
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-25172

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.00341
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-24025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to ...

CVSS 9.8 | AI score 8.3 | EPSS 0.00468
Exploits: 0 | References: 2

NVD
added 2025/08/26 11:15 p.m. | 1 views

CVE-2025-9277

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00053
Exploits: 0 | References: 2

CVE
added 2025/08/19 12:0 a.m. | 17 views

CVE-2025-50567

Saurus CMS Community Edition 4.7.1 has a vulnerability in the custom DB::prepare() function that uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This allows injecting user-controlled SQL statements, potentially leading to arbitrary PHP code executio...

CVSS 10 | AI score 7.9 | EPSS 0.00341
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in @zalastax/nolb-preg (npm)

The package @zalastax/nolb-preg was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-13271 Malicious code in @zalastax/nolb-preg (npm)

The package @zalastax/nolb-preg was found to contain malicious code...

AI score 7.2
Exploits: 0

Prion
added 2021/10/11 2:15 p.m. | 11 views

Cross site scripting

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript function. An authenticated user can trigger XSS by appending "//" in the end of text...

CVSS 4.3 | AI score 5.8 | EPSS 0.00455
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/10/11 1:16 p.m. | 10 views

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript function. An authenticated user can trigger XSS by appending "//" in the end of text...

AI score 5.9 | EPSS 0.00455
Exploits: 1 | References: 1

CVE
added 2021/10/11 1:16 p.m. | 40 views

CVE-2021-40541

CVE-2021-40541 affects PHPFusion 9.03.110. The vulnerability is an XSS in the descript() function, triggered when an authenticated user appends "//" at the end of text, due to how the preg filter handles HTML tags. The available sources (NVD, CNVD, CVE List) describe the issue; no exploitation de...

CVSS 6.1 | AI score 5.7 | EPSS 0.00455
Exploits: 1 | References: 1 | Affected Software: 1

OpenVAS
added 2018/09/25 12:0 a.m. | 153 views

PHPMailer < 5.2.10 'html2text' Library RCE Vulnerability

PHPMailer is prone to a remote code execution RCE vulnerability within the shipped Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVSS 10 | AI score 7.8 | EPSS 0.77692
Exploits: 15 | References: 2

Hacker One
added 2016/09/13 5:17 a.m. | 23 views

Internet Bug Bounty: integer overflow in preg_quote caused heap corruption

Please check: https://bugs.php.net/bug.php?id=72895...

AI score 6.9
Exploits: 0

Packet Storm
added 2011/06/13 12:0 a.m. | 25 views

PHP Nuke 8.3 MT Shell Upload

Iranian Pentesters Home Title : PHP Nuke 8.3 MT Arbitrary File Upload Vulnerability Author : Pentesters.ir Exploits Coded by : b3hz4d & 4n0nym0us Tested on: PHP Nuke 8.3 Vendor : http://phpnuke.ir Specially Thanks To: Navid, Hossein, Ahmad, vahid, daryoush and all of the pentesters.ir members...

AI score 7.4
Exploits: 0