Vulmon
php vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-3070
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated malicious users to inject ...
9.8
CVSSv3
CVE-2024-25220
Task Manager App v1.0 contains a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
Task Manager In Php With Source Code Project Task Manager In Php With Source Code 1.0
9.8
CVSSv3
CVE-2024-25222
Task Manager App v1.0 contains a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
Task Manager In Php With Source Code Project Task Manager In Php With Source Code 1.0
9.8
CVSSv3
CVE-2024-25191
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
Zihanggao Php-jwt 1.0.0
9.8
CVSSv3
CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated malicious users to inject a PHP Object. No POP chain is present in t...
Wpengine Better Search Replace
1 Github repository
9.8
CVSSv3
CVE-2023-6989
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated maliciou...
Getshieldsecurity Shield Security
9.8
CVSSv3
CVE-2024-24754
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parse...
Mnapoli Bref
9.8
CVSSv3
CVE-2024-22922
An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote malicious user to escalate privileges via a crafted script to the login page in the POST/index.php
Projectworlds Visitor Management System In Php 1.0
9.8
CVSSv3
CVE-2024-22076
MyQ Print Server prior to 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.
Myq-solution Print Server
Myq-solution Print Server 8.2
9.8
CVSSv3
CVE-2017-20189
In Clojure prior to 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
Clojure Clojure
1 Github repository