Lucene search
+L

3907 matches found

almalinux
almalinux
added 2026/06/01 12:0 a.m.16 views

Important: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

8.8CVSS5.9AI score0.0078EPSS
Exploits1References10
almalinux
almalinux
added 2026/06/01 12:0 a.m.33 views

Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

8.8CVSS5.9AI score0.0078EPSS
Exploits1References10
osv
osv
added 2026/06/01 12:0 a.m.10 views

ALSA-2026:22143 Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

8.8CVSS5.9AI score0.0078EPSS
Exploits1References10
osv
osv
added 2026/06/01 12:0 a.m.11 views

ALSA-2026:22305 Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

8.8CVSS5.9AI score0.0078EPSS
Exploits1References10
nessus
nessus
added 2026/06/01 12:0 a.m.11 views

RockyLinux 8 : php:8.2 (RLSA-2026:22305)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22305 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

8.8CVSS6AI score0.0078EPSS
Exploits1References9
nessus
nessus
added 2026/06/01 12:0 a.m.15 views

RockyLinux 9 : php:8.3 (RLSA-2026:22142)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

8.8CVSS5.6AI score0.0078EPSS
Exploits1References9
nessus
nessus
added 2026/05/29 12:0 a.m.14 views

SUSE SLES15 Security Update : php7 (SUSE-SU-2026:2091-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2091-1 advisory. This update for php7 fixes the following issues - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code...

9.8CVSS6.5AI score0.0078EPSS
Exploits1References19
nvd
nvd
added 2026/05/28 9:16 p.m.19 views

CVE-2026-42071

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS0.0026EPSS
Exploits0References5
cve
cve
added 2026/05/28 8:29 p.m.33 views

CVE-2026-42071

Summary: CVE-2026-42071 affects MantisBT, specifically versions 2.23.0 through 2.28.1, where a missing authorization check in the file visibility function allows any authenticated user (REPORTER+) to download attachments from private bugnotes via REST API GET /api/rest/issues/{id}/files and SOAP ...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/28 8:29 p.m.10 views

CVE-2026-42071 MantisBT: Private Bugnote Attachment Content Leak via REST API

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References5
ubuntu
ubuntu
added 2026/05/28 1:31 p.m.22 views

USN-8336-1: PHP vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

9.8CVSS6.2AI score0.0078EPSS
Exploits1
osv
osv
added 2026/05/28 1:31 p.m.16 views

USN-8336-1 php8.1, php8.3, php8.4, php8.5 vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

9.8CVSS6.2AI score0.0078EPSS
Exploits1References10
cve
cve
added 2026/05/28 3:44 a.m.89 views

CVE-2026-9794

Keycloak contains an information-disclosure flaw (CVE-2026-9794) where a remote, unauthenticated attacker can send crafted SOAP requests to the SAML ECP endpoint and observe differing faultstrings to infer the client protocol type. This is the scoped impact reported across NVD/Red Hat CVE entries...

5.3CVSS5.7AI score0.00331EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2026/05/28 3:44 a.m.37 views

CVE-2026-9794 Keycloak: keycloak: information disclosure via saml ecp endpoint

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS0.00331EPSS
Exploits0References6
snyk
snyk
added 2026/05/28 3:15 a.m.8 views

Information Exposure

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure via the SAML ECP endpoint when specially crafted SOAP requests are sent with varying...

6.9CVSS5.4AI score0.00331EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.15 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for remote, unauthenticated attackers to send specially crafted SOAP requests to the SAML ECP endpoint. These requests are accompanied ...

5.3CVSS5.8AI score0.00331EPSS
Exploits0References2
suse
suse
added 2026/05/27 11:52 a.m.9 views

Security update for php7

This update for php7 fixes the following issues CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS bsc1264775. CVE-2026-7258: signed char values...

9.2CVSS6.5AI score0.0078EPSS
Exploits1References24
osv
osv
added 2026/05/27 11:52 a.m.7 views

SUSE-SU-2026:2091-1 Security update for php7

This update for php7 fixes the following issues - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. - CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS bsc1264775. - CVE-2026-7258: signed char...

9.8CVSS6.4AI score0.0078EPSS
Exploits1References13
nessus
nessus
added 2026/05/27 12:0 a.m.18 views

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-011 (ALASPHP8.2-2026-011)

The version of php installed on the remote host is prior to 8.2.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2026-011 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's...

9.8CVSS6.4AI score0.0078EPSS
Exploits1References16
nessus
nessus
added 2026/05/27 12:0 a.m.20 views

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2026-1728)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1728 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a globa...

9.8CVSS6.4AI score0.0078EPSS
Exploits1References16
Rows per page
Query Builder