
9 matches found

Cvelist
added 2026/02/11 6:0 a.m., 27 views

CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

EPSS 0.00032
Exploits 0, References 1
RedhatCVE
added 2025/11/27 4:59 p.m., 6 views

CVE-2025-61168

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

CVSS 9.8, AI score 7.9, EPSS 0.00168
Exploits 0, References 1
EUVD
added 2025/11/25 9:32 p.m., 2 views

EUVD-2025-199635

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

CVSS 9.8, AI score 7.4, EPSS 0.00168
Exploits 0, References 5
Cvelist
added 2025/11/25 12:0 a.m., 5 views

CVE-2025-61168

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

EPSS 0.00168
Exploits 0, References 4
Positive Technologies
added 2025/11/25 12:0 a.m., 2 views

PT-2025-48070

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

AI score 7.9, EPSS 0.00168
Exploits 0, References 5
SUSE CVE
added 2023/02/15 4:58 a.m., 2 views

SUSE CVE-2016-7417

ext/spl/splarray.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data...

CVSS 9.8, AI score 7.7, EPSS 0.01858
Exploits 1, References 11
OSV
added 2021/01/01 2:15 a.m., 3 views

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

CVSS 8.8, AI score 7.4, EPSS 0.01399
Exploits 1, References 1
OSV
added 2015/09/30 8:10 p.m., 1 views

USN-2758-1 php5 vulnerabilities

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. CVE-2015-5589 It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker cou...

CVSS 10, AI score 7.4, EPSS 0.35455
Exploits 8, References 11
RedHat Linux
added 2015/07/09 5:1 p.m., 1 views

php: exception::getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

CVSS 10, AI score 7.4, EPSS 0.08129
Exploits 5, References 4