23 matches found
EUVD-2026-15495
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion. This issue affects Gaspard: from n/a through = 1.3...
CVE-2026-23923
CVE-2026-23923: An unauthenticated attacker can abuse the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. Impact depends on environment, but appears limited; CVSS 4.0 base vector lists MEDIUM severity (6.9). No concrete exploitation details or affected product/vendor are...
CVE-2025-9993 Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion
The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...
WordPress plugin Ovatheme Events security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability exis...
CLSA-2025-1753769145 php: Fix of CVE-2025-1220
CVE-2025-1220: error if host contains null bytes in the middle of the string...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17365)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server that originates from improper handling of the Server: DML component and can be exploited by an attacker to cause a denial of service...
PHP security vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that originates in the MySQL server that may cause clients to disclose the contents of their heaps. The following versions are affected: versions 8.1. through 8.1.31, 8.2. through 8.2.26,...
CVE-2023-41506
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2023-30859 Spigot Command Exploit in Triton
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
CVE-2022-23103
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...
Drupal Core Session Data Hijacking Vulnerability
Drupal is a free and open source content management system developed in PHP. A session data hijacking vulnerability exists in Drupal Core. In some older versions of PHP, user-supplied session data stored in Drupal could be serialized, leading to remote code execution...
php: use-after-free vulnerability in session deserializer
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...
UBUNTU-CVE-2014-3597
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the...
security flaw
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...
D_Server_Local_DEU
Detects server language - DEU...
D_Server_Local_CHT
Detects Server language - CHT...
D_Server_Local_ENU
Detects server language - ENU...
Detectoid: Exchange Server 2007 LANG Identifier (pt)
...
D_Server_Local_JPN
Detects Server language - JPN...
Security update 1970-01-01
...