PT-2026-4148

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through = 1.3.3...

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This...

WordPress plugin Greenorganic 安全漏洞

PHP, etc. are products of PHP. PHP is a scripting language that executes on the server side. webSockets ws, etc. are products of WebSockets open source. ws is a Node.js WebSocket library. r infrastructure gh, etc. are R infrastructure open source gh is a GitHub API library. A security vulnerabili...

WordPress plugin Rentic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-51306

Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...

CVE-2025-13625

The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

📄 Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection

Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Fortra FileCatalyst Workflow v5.1.6 Build 135...

EUVD-2025-197981

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...

CVE-2025-60073

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Responsive Sidebar responsive-sidebar allows PHP Local File Inclusion.This issue affects Responsive Sidebar: from n/a through = 1.2.2...

CVE-2025-60199 WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

WordPress plugin Saxon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

school-management-system 代码问题漏洞

school-management-system is a school management system developed in PHP for schools or small organizations by Shubham kumar individual developer. A code issue vulnerability exists in school-management-system, which stems from the incorrect manipulation of the parameter File in the file...

EUVD-2019-5908

Malware in sbrugna...

EUVD-2025-25172

Malicious code in bioql PyPI...

PHP 安全漏洞

PHP is a scripting language for PHP that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.33, prior to 8.2.29, prior to 8.3.23, and prior to 8.4.10, which stems from a failure of the pgsql and pdopgsql escape functions to check if a referenced function is...

PHP 安全漏洞

PHP is a scripting language for PHP that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, which stems from functions such as fsockopen failing to validate that the hostname contains null characters, which could lead to security...

OESA-2025-1760 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

WordPress plugin WordPress Social Login and Register 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

CVE-2022-3989

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...