CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/01/31 9:14 p.m.•5 views

CVE-2026-25129

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

7.3CVSS6.5AI score0.00007EPSS

Exploits1References1

OSV•added 2026/01/30 9:28 p.m.•5 views

GHSA-4486-GXHX-5MG7 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

Summary PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When t...

6.7CVSS6.4AI score0.00007EPSS

Exploits1References5

Github Security Blog•added 2026/01/30 9:28 p.m.•3 views

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

7.3CVSS6.4AI score0.00007EPSS

Exploits1References5Affected Software1

NVD•added 2026/01/30 9:15 p.m.•3 views

CVE-2026-25129

7.3CVSS0.00007EPSS

Exploits1References3

Snyk•added 2026/01/30 8:53 p.m.•1 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the automatic loading and execution of .psysh.php from the current working directory during startup. An attacker can execute arbitrary code with the privileges of the victim process by placing a...

7.3CVSS6.2AI score0.00007EPSS

Exploits1References2

EUVD•added 2026/01/30 8:12 p.m.•2 views

EUVD-2026-5009

6.7CVSS6.5AI score0.00007EPSS

Exploits1References3

CVE•added 2026/01/30 8:12 p.m.•27 views

CVE-2026-25129

PsySH (PHP) is affected by a CWD-based configuration poisoning vulnerability. Prior to versions 0.11.23 and 0.12.19, PsySH auto-loads and executes a .psysh.php file from the current working directory at startup. If an attacker can write to a directory that a victim later uses as the CWD, they can...

7.3CVSS6.5AI score0.00007EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/01/30 8:12 p.m.•26 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

6.7CVSS0.00007EPSS

Exploits1References3

OSV•added 2026/01/30 8:12 p.m.•3 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

6.7CVSS6.5AI score0.00007EPSS

Exploits1References5

Vulnrichment•added 2026/01/30 8:12 p.m.•1 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

6.7CVSS6.5AI score0.00007EPSS

Exploits1References3

ATTACKERKB•added 2026/01/30 8:12 p.m.•3 views

CVE-2026-25129

6.7CVSS6.5AI score0.00007EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/01/30 12:0 a.m.•0 views

PsySH code issue vulnerabilities

PsySH is a runtime console developed by Justin Hileman individually. Versions of PsySH prior to 0.11.23 and 0.12.19 have code vulnerabilities. These vulnerabilities stem from the automatic loading of the .psysh.php file from the current working directory, which may lead to arbitrary code executio...

7.3CVSS6.3AI score0.00007EPSS

Exploits1References4

Positive Technologies•added 2026/01/30 12:0 a.m.•5 views

PT-2026-5440

Name of the Vulnerable Software and Affected Versions PsySH versions prior to 0.11.23 PsySH versions prior to 0.12.19 Description PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.ph...

6.7CVSS6.4AI score0.00007EPSS

Exploits1References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by