Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: php Clear
ID Title
CVE-2026-48215 Cross-Site Scripting (XSS) in CVE-2026-48215 (CVE-2026-48215)
cross-site scripting in CVE-2026-48215 (CVE-2026-48215). Risk of unauthorized operations or information disclosure.
CVE-2026-48214 Cross-Site Scripting (XSS) in CVE-2026-48214 (CVE-2026-48214)
cross-site scripting in CVE-2026-48214 (CVE-2026-48214). Risk of unauthorized operations or information disclosure.
CVE-2026-48213 Cross-Site Scripting (XSS) in CVE-2026-48213 (CVE-2026-48213)
cross-site scripting in CVE-2026-48213 (CVE-2026-48213). Risk of unauthorized operations or information disclosure.
CVE-2026-6279 Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
CVE-2026-35016 Cross-Site Scripting (XSS) in CVE-2026-35016 (CVE-2026-35016)
cross-site scripting in CVE-2026-35016 (CVE-2026-35016). Risk of unauthorized operations or information disclosure.
CVE-2026-35015 Cross-Site Scripting (XSS) in CVE-2026-35015 (CVE-2026-35015)
cross-site scripting in CVE-2026-35015 (CVE-2026-35015). Risk of unauthorized operations or information disclosure.
CVE-2026-35014 Cross-Site Scripting (XSS) in CVE-2026-35014 (CVE-2026-35014)
cross-site scripting in CVE-2026-35014 (CVE-2026-35014). Risk of unauthorized operations or information disclosure.
CVE-2026-35013 Cross-Site Scripting (XSS) in CVE-2026-35013 (CVE-2026-35013)
cross-site scripting in CVE-2026-35013 (CVE-2026-35013). Risk of unauthorized operations or information disclosure.
CVE-2026-35012 Cross-Site Scripting (XSS) in CVE-2026-35012 (CVE-2026-35012)
cross-site scripting in CVE-2026-35012 (CVE-2026-35012). Risk of unauthorized operations or information disclosure.
CVE-2026-35011 Cross-Site Scripting (XSS) in CVE-2026-35011 (CVE-2026-35011)
cross-site scripting in CVE-2026-35011 (CVE-2026-35011). Risk of unauthorized operations or information disclosure.
CVE-2026-35010 Cross-Site Scripting (XSS) in CVE-2026-35010 (CVE-2026-35010)
cross-site scripting in CVE-2026-35010 (CVE-2026-35010). Risk of unauthorized operations or information disclosure.
CVE-2026-35009 Cross-Site Scripting (XSS) in CVE-2026-35009 (CVE-2026-35009)
cross-site scripting in CVE-2026-35009 (CVE-2026-35009). Risk of unauthorized operations or information disclosure.
CVE-2026-35008 Cross-Site Scripting (XSS) in CVE-2026-35008 (CVE-2026-35008)
cross-site scripting in CVE-2026-35008 (CVE-2026-35008). Risk of unauthorized operations or information disclosure.
CVE-2026-35007 Cross-Site Scripting (XSS) in CVE-2026-35007 (CVE-2026-35007)
cross-site scripting in CVE-2026-35007 (CVE-2026-35007). Risk of unauthorized operations or information disclosure.
CVE-2026-35676 Vulnerability in thorsten/phpmyfaq (CVE-2026-35676)
vulnerability in thorsten/phpmyfaq (CVE-2026-35676). Data can be tampered with by attackers. Exploitable via `PUT /api/index.php/user/password/update`. Mitigation: upgrade to `4.1.3` or later.
CVE-2026-24425 Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-6405 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
CVE-2026-7522 Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
CVE-2026-7637 Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
CVE-2026-8626 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
CVE-2026-7472 SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
CVE-2026-6555 Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
CVE-2026-6456 Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
CVE-2026-6401 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.
CVE-2026-6072 Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
CVE-2026-34246 Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
CVE-2026-34234 OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
CVE-2026-34216 Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
CVE-2026-45802 Vulnerability in setasign/fpdi (CVE-2026-45802)
vulnerability in setasign/fpdi (CVE-2026-45802). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.7` or later.
CVE-2026-46357 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46337 Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
CVE-2026-46511 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46396 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46395 Information Disclosure in @haxtheweb/haxcms-nodejs (CVE-2026-46395)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46395). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46391 Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46496 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-43633 Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
CVE-2026-42099 Vulnerability in sparxsystems (CVE-2026-42099)
vulnerability in sparxsystems (CVE-2026-42099). Successful exploitation can lead to full system takeover.
CVE-2026-8912 SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
CVE-2026-4883 Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
CVE-2026-8727 Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
vulnerability in tomasnorre/crawler (CVE-2026-8727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.13` or later.
CVE-2026-46725 Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
vulnerability in mmc/ceselector (CVE-2026-46725). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.3` or later.
CVE-2026-4885 Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
CVE-2026-45731 Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
CVE-2026-29962 Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
CVE-2026-29964 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
CVE-2026-29963 Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
CVE-2026-29965 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →