Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: php Clear
ID Title
CVE-2026-46493 Vulnerability in CVE-2026-46493 (CVE-2026-46493)
vulnerability in CVE-2026-46493 (CVE-2026-46493). Confidential information can be exposed externally. Exploitable via ``uniqid``.
CVE-2026-46401 Vulnerability in CVE-2026-46401 (CVE-2026-46401)
vulnerability in CVE-2026-46401 (CVE-2026-46401). Risk of unauthorized operations or information disclosure.
CVE-2026-46400 Unrestricted File Upload in CVE-2026-46400 (CVE-2026-46400)
vulnerability in CVE-2026-46400 (CVE-2026-46400). Risk of unauthorized operations or information disclosure.
CVE-2026-46397 Path Traversal in CVE-2026-46397 (CVE-2026-46397)
path traversal in CVE-2026-46397 (CVE-2026-46397). Confidential information can be exposed externally.
CVE-2026-46398 Vulnerability in CVE-2026-46398 (CVE-2026-46398)
vulnerability in CVE-2026-46398 (CVE-2026-46398). Risk of unauthorized operations or information disclosure.
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46394 OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
CVE-2026-46399 Vulnerability in CVE-2026-46399 (CVE-2026-46399)
vulnerability in CVE-2026-46399 (CVE-2026-46399). Risk of unauthorized operations or information disclosure.
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-46390 Vulnerability in CVE-2026-46390 (CVE-2026-46390)
vulnerability in CVE-2026-46390 (CVE-2026-46390). Risk of unauthorized operations or information disclosure.
CVE-2026-11342 Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
CVE-2026-11344 Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
CVE-2026-11337 Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
CVE-2026-11336 Vulnerability in CVE-2026-11336 (CVE-2026-11336)
vulnerability in CVE-2026-11336 (CVE-2026-11336). Risk of unauthorized operations or information disclosure.
CVE-2026-11335 Vulnerability in CVE-2026-11335 (CVE-2026-11335)
vulnerability in CVE-2026-11335 (CVE-2026-11335). Risk of unauthorized operations or information disclosure.
CVE-2026-11333 Vulnerability in CVE-2026-11333 (CVE-2026-11333)
vulnerability in CVE-2026-11333 (CVE-2026-11333). Risk of unauthorized operations or information disclosure.
CVE-2026-38579 Cross-Site Scripting (XSS) in CVE-2026-38579 (CVE-2026-38579)
cross-site scripting in CVE-2026-38579 (CVE-2026-38579). Risk of unauthorized operations or information disclosure.
CVE-2026-11334 Vulnerability in sqli (CVE-2026-11334)
vulnerability in sqli (CVE-2026-11334). Risk of unauthorized operations or information disclosure.
CVE-2026-48907 KEV [KEV] Vulnerability in widget factory (CVE-2026-48907)
vulnerability in widget factory (CVE-2026-48907). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-10877 Vulnerability in sqli (CVE-2026-10877)
vulnerability in sqli (CVE-2026-10877). Risk of unauthorized operations or information disclosure.
CVE-2026-10874 Vulnerability in sqli (CVE-2026-10874)
vulnerability in sqli (CVE-2026-10874). Risk of unauthorized operations or information disclosure.
CVE-2026-10815 Vulnerability in CVE-2026-10815 (CVE-2026-10815)
vulnerability in CVE-2026-10815 (CVE-2026-10815). Risk of unauthorized operations or information disclosure.
CVE-2026-10811 Vulnerability in sqli (CVE-2026-10811)
vulnerability in sqli (CVE-2026-10811). Risk of unauthorized operations or information disclosure.
CVE-2026-10863 Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
CVE-2026-10810 Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
cross-site scripting in CVE-2026-10810 (CVE-2026-10810). Risk of unauthorized operations or information disclosure.
CVE-2026-10807 Vulnerability in CVE-2026-10807 (CVE-2026-10807)
vulnerability in CVE-2026-10807 (CVE-2026-10807). Risk of unauthorized operations or information disclosure.
CVE-2026-10809 Vulnerability in sqli (CVE-2026-10809)
vulnerability in sqli (CVE-2026-10809). Risk of unauthorized operations or information disclosure.
CVE-2026-10808 Vulnerability in sqli (CVE-2026-10808)
vulnerability in sqli (CVE-2026-10808). Risk of unauthorized operations or information disclosure.
CVE-2026-10806 Vulnerability in CVE-2026-10806 (CVE-2026-10806)
vulnerability in CVE-2026-10806 (CVE-2026-10806). Risk of unauthorized operations or information disclosure.
CVE-2019-25738 Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
CVE-2019-25744 Cross-Site Scripting (XSS) in wordpress (CVE-2019-25744)
cross-site scripting in wordpress (CVE-2019-25744). Risk of unauthorized operations or information disclosure.
CVE-2019-25734 Path Traversal in csrf (CVE-2019-25734)
path traversal in csrf (CVE-2019-25734). Risk of unauthorized operations or information disclosure.
CVE-2019-25730 SQL Injection in sqli (CVE-2019-25730)
SQL injection in sqli (CVE-2019-25730). Confidential information can be exposed externally.
CVE-2019-25732 SQL Injection in sqli (CVE-2019-25732)
SQL injection in sqli (CVE-2019-25732). Confidential information can be exposed externally.
CVE-2019-25729 Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
CVE-2019-25728 SQL Injection in sqli (CVE-2019-25728)
SQL injection in sqli (CVE-2019-25728). Confidential information can be exposed externally.
CVE-2019-25727 Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
CVE-2026-10737 Vulnerability in wordpress (CVE-2026-10737)
vulnerability in wordpress (CVE-2026-10737). Confidential information can be exposed externally.
CVE-2026-10777 A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
CVE-2026-7888 Unsafe Deserialization in CVE-2026-7888 (CVE-2026-7888)
vulnerability in CVE-2026-7888 (CVE-2026-7888). Risk of unauthorized operations or information disclosure.
CVE-2026-10704 Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
CVE-2026-10694 Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
CVE-2026-25861 Vulnerability in CVE-2026-25861 (CVE-2026-25861)
vulnerability in CVE-2026-25861 (CVE-2026-25861). Confidential information can be exposed externally.
CVE-2026-10620 Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
CVE-2026-10624 Vulnerability in CVE-2026-10624 (CVE-2026-10624)
vulnerability in CVE-2026-10624 (CVE-2026-10624). Risk of unauthorized operations or information disclosure.
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-10607 Vulnerability in sqli (CVE-2026-10607)
vulnerability in sqli (CVE-2026-10607). Risk of unauthorized operations or information disclosure.
CVE-2026-10608 Vulnerability in sqli (CVE-2026-10608)
vulnerability in sqli (CVE-2026-10608). Risk of unauthorized operations or information disclosure.
CVE-2026-10606 Vulnerability in sqli (CVE-2026-10606)
vulnerability in sqli (CVE-2026-10606). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →