UBUNTU-CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

PT-2026-6286

Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR, a framework for reusable PHP components, contains a flaw related to the use of the preg replace function with the /e modifier. This can lead to PHP code execution if attacker-controlled content i...

EUVD-2025-25172

Malicious code in bioql PyPI...

CVE-2025-9277

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken pregreplace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-50567

Saurus CMS Community Edition 4.7.1 has a vulnerability in the custom DB::prepare() function that uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This allows injecting user-controlled SQL statements, potentially leading to arbitrary PHP code executio...

PHPMailer < 5.2.10 'html2text' Library RCE Vulnerability

PHPMailer is prone to a remote code execution RCE vulnerability within the shipped Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...