CVE-2026-2626

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization and crafted object's wakeup magic method tha...

PHP 5.6 GMP unserialize() Use-After-Free

Use After Free Vulnerability in unserialize with GMP Taoguang Chen - Write Date: 2015.8.17 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code...