Skip to main content

PHP

24729 CVEs product

Monthly

CVE-2026-26883 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2448 HIGH This Week

Page Builder by SiteOrigin (WordPress plugin) versions up to 2.33.5 is affected by path traversal (CVSS 8.8).

WordPress PHP Path Traversal RCE Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26713 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in cancel-order.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26712 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket-admin.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26711 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26710 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in edit-order.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26709 CRITICAL POC Act Now

Simple Gym Management System v1.0 has SQL injection in trainer search.

PHP SQLi Simple Gym Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26707 CRITICAL POC Act Now

Pharmacy POS has a fifth SQL injection in view_sales.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26706 CRITICAL POC Act Now

Pharmacy POS has a fourth SQL injection in view_reports.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26705 CRITICAL POC Act Now

Pharmacy POS has a third SQL injection in view_products.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26704 CRITICAL POC Act Now

Pharmacy POS has a second SQL injection in view_categories.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26708 CRITICAL POC Act Now

Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26700 CRITICAL POC Act Now

Personnel Property Equipment System has a fourth SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26701 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a third SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26699 HIGH POC This Week

Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.

PHP Personnel Property Equipment System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-52564 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52563 MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52476 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52475 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52470 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-50199 CRITICAL POC Act Now

Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.

PHP SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-50198 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

PHP Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-50197 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50196 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-50195 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50194 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50193 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2026-26703 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26702 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has SQL injection in admin panel.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26696 CRITICAL POC Act Now

Simple Student Alumni System v1.0 has a third SQL injection.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26695 CRITICAL POC Act Now

Simple Student Alumni System v1.0 has SQL injection in record_search.php.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26694 CRITICAL POC Act Now

Simple Student Alumni System v1.0 has SQL injection in modal_view.php.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50192 CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50191 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-50190 CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50189 HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 8.8 HIGH]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50188 HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 7.2 HIGH]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-26698 MEDIUM POC This Month

SQL injection in Simple Student Alumni System v1.0's modal_edit.php endpoint allows authenticated administrators to extract sensitive database information through unauthenticated network requests. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level privileges but can bypass intended access controls to read confidential data.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-26697 MEDIUM POC This Month

Simple Student Alumni System v1.0 contains a SQL injection vulnerability in the recordteacher_view.php endpoint that allows authenticated administrators to extract sensitive data from the underlying database. Public exploit code exists for this vulnerability, though a patch is currently unavailable. The attack requires high-level administrative privileges but can be executed remotely without user interaction.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-3413 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student.php allows unauthenticated remote attackers to manipulate database queries with public exploit code currently available. The vulnerability enables attackers to read, modify, or delete sensitive academic and administrative data without authentication. No patch is currently available for this PHP-based application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3412 LOW POC Monitor

University Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3411 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student_update.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive student records. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected institutions at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3410 MEDIUM POC This Month

Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3406 MEDIUM POC This Month

SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3403 LOW POC Monitor

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3402 LOW POC Monitor

A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3395 MEDIUM PATCH This Month

Maxsite Cms versions up to 109.1. contains a vulnerability that allows attackers to code injection (CVSS 7.3).

PHP Code Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-13673 HIGH This Week

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2471 HIGH This Week

Unauthenticated attackers can inject malicious serialized PHP objects into the WP Mail Logging plugin (versions up to 1.15.0) through email forms, exploiting unsafe deserialization in the BaseModel class. When administrators view the logged emails, the injected payload deserializes into arbitrary PHP objects, potentially enabling code execution if leveraged with gadget chains from other installed plugins or themes. No patch is currently available.

WordPress PHP Deserialization
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1542 MEDIUM This Month

Super Stage WP WordPre versions up to 1.0.1 is affected by deserialization of untrusted data (CVSS 6.5).

WordPress PHP Deserialization
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-28517 CRITICAL POC PATCH Act Now

Remote code execution in openDCIM 23.04 allows unauthenticated attackers to execute arbitrary OS commands as the web server user by poisoning the 'dot' configuration parameter in the database, then triggering execution via report_network_map.php. Public exploit code exists with a documented SQL injection to command injection attack chain. EPSS score of 0.57% (68th percentile) suggests moderate but not widespread exploitation probability, though the publicly available weaponized exploit significantly elevates real-world risk for exposed instances.

PHP Command Injection Opendcim
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-28516 CRITICAL POC PATCH Act Now

SQL injection in openDCIM 23.04 (up to commit 4467e9c4) lets attackers execute arbitrary SQL through the Config::UpdateParameter routine, which the install.php and container-install.php handlers reach with unsanitized, string-interpolated input. Publicly available exploit code exists (Chocapikk PoC and write-up) demonstrating a chain from SQLi to remote code execution, though it is not listed in CISA KEV and EPSS rates real-world exploitation probability at only 0.04%. Note a data conflict: the CVSS 4.0 vector encodes PR:N (unauthenticated) while the description states an authenticated user is required.

PHP SQLi Opendcim
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-28515 CRITICAL POC PATCH Act Now

Missing authorization in openDCIM 23.04 (through commit 4467e9c4) lets any authenticated user — regardless of assigned role — reach LDAP configuration handling in install.php and container-install.php, and where REMOTE_USER is trusted without real authentication enforcement the endpoints may be reachable with no credentials at all. Because the same installer path also chains into a SQL injection in the configuration-update routine and a command injection in report_network_map.php (both fixed in the same PR), the broken access control is a stepping stone to full remote code execution. Publicly available exploit code exists (Chocapikk's 'SQLi to RCE' write-up and PoC); EPSS is low at 0.22% (44th percentile) and the CVE is not listed in CISA KEV, so no confirmed active exploitation.

PHP Opendcim Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-28411 CRITICAL POC Act Now

Authentication bypass via unsafe extract() function in WeGIA before 3.6.5. The extract() call on user-controlled data allows overwriting authentication variables. EPSS 0.7% with PoC available.

PHP Authentication Bypass Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-28408 CRITICAL POC Act Now

Authentication bypass in WeGIA charitable institution management system before 3.6.5. The adicionar_tipo_docs_atendido.php script lacks authentication, allowing unauthorized access. PoC available.

PHP Golang Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28354 MEDIUM POC This Month

Unauthorized collection manipulation in ClipBucket v5 prior to 5.5.3 #59 allows authenticated attackers to add or remove items from other users' collections due to missing and broken authorization checks in the add and delete item functions. An attacker with valid credentials can exploit this to alter collections they do not own without restriction. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP Clipbucket
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27832 HIGH This Week

SQL injection in Group Office email template selection endpoint allows authenticated attackers to extract sensitive data from the database through the unvalidated comparator parameter in advancedQueryData. An attacker with valid credentials can perform blind boolean-based attacks to exfiltrate password hashes from the core_auth_password table. Affected versions prior to 26.0.8, 25.0.87, and 6.8.153 require immediate patching.

PHP SQLi Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2019-25497 HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25496 HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25495 HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25493 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25492 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25491 HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25490 HIGH POC This Week

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-25147 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.

PHP Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-14142 MEDIUM This Month

The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-10938 MEDIUM This Month

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. [CVSS 6.5 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-3302 LOW POC Monitor

Cross-site scripting (XSS) in SourceCodester Doctor Appointment System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the Email parameter in the /register.php Sign Up Page. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The lack of an available patch leaves affected systems vulnerable to session hijacking and credential theft.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-14149 MEDIUM This Month

The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-14040 MEDIUM This Month

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12981 CRITICAL Act Now

Privilege escalation in Listee WordPress theme allows unauthenticated attackers to gain administrator access. All versions up to 1.1.6 affected.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3292 LOW POC Monitor

SQL injection in jizhiCMS up to version 2.5.6 via the findAll function in the Model.php batch interface allows authenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The flaw requires valid user credentials but can be exploited over the network with minimal additional complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2428 HIGH This Week

Fluent Forms Pro Add On Pack for WordPress versions up to 6.1.17 fail to verify PayPal Instant Payment Notifications by default, allowing unauthenticated attackers to forge payment confirmations and mark unpaid submissions as paid. An attacker can exploit this to trigger post-payment automation including email delivery, access grants, and digital product distribution without actual payment. The vulnerability affects all installations that have not manually enabled IPN verification and currently lacks a patch.

WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3261 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /settings/index.php allows unauthenticated remote attackers to manipulate database queries and potentially read or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected versions should implement access controls or upgrade immediately to mitigate the risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-22206 HIGH This Week

SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.

PHP RCE SQLi Spip
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-22205 HIGH This Week

Spip versions up to 4.4.10 contains a vulnerability that allows attackers to access protected information (CVSS 7.5).

PHP Authentication Bypass Spip
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-50857 CRITICAL Act Now

Directory traversal in ZenTaoPMS v18.11 through v21.6.beta allows arbitrary code execution through /module/ai/control.php. EPSS 0.76%.

PHP Path Traversal AI / ML
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-56605 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. [CVSS 5.4 MEDIUM]

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1311 HIGH This Week

Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-27968 MEDIUM PATCH This Month

Packistry versions prior to 0.13.0 fail to validate token expiration in the RepositoryAwareController::authorize() function, allowing attackers with expired deploy tokens to maintain unauthorized access to repository endpoints and package metadata. An authenticated attacker can leverage an expired token with valid abilities to interact with Composer APIs and potentially download or access sensitive package information. This vulnerability affects self-hosted Packistry deployments and has been patched in version 0.13.0.

PHP Packistry
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27954 MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27613 CRITICAL PATCH Act Now

Unauthenticated command injection in TinyWeb HTTP/HTTPS server for Win32 before 2.01 allows remote attackers to execute arbitrary commands. Patch available.

PHP RCE Tinyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25476 HIGH POC PATCH This Week

OpenEMR prior to version 8.0.0 fails to enforce session expiration when the skip_timeout_reset parameter is present in requests, allowing expired sessions to remain active indefinitely. An attacker with a stolen session cookie can exploit this by continuously sending the skip_timeout_reset parameter to maintain unauthorized access to sensitive health records without being logged out. Public exploit code exists for this vulnerability with a CVSS score of 7.5.

PHP Openemr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25220 MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 allow any authenticated user to view all internal messages and notes from other users by exploiting insufficient authorization checks on the Message Center's `show_all` parameter. The vulnerability exists because the application does not verify administrator privileges before returning the complete message list, enabling unauthorized disclosure of sensitive medical communications. Public exploit code exists for this medium-severity information disclosure vulnerability.

PHP Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25164 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 fail to enforce API authorization checks on document and insurance endpoints, allowing any authenticated API client to read and modify all patient PHI regardless of assigned access controls. Public exploit code exists for this vulnerability, which affects healthcare organizations using OpenEMR's REST API. An attacker with valid API credentials can access sensitive medical records and insurance information across the entire patient database.

PHP Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-2301 MEDIUM This Month

Protected post metadata injection in Post Duplicator plugin for WordPress allows authenticated contributors and higher-privileged users to arbitrarily set sensitive meta keys like _wp_page_template on duplicated posts by bypassing WordPress's standard metadata protection mechanisms. The vulnerability exists in versions up to 3.0.8 due to direct database insertion instead of using WordPress's protected metadata validation function. Attackers can exploit this through the customMetaData parameter in the REST API endpoint to manipulate post properties and potentially compromise site functionality.

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14742 MEDIUM This Month

WP Recipe Maker (WordPress plugin) is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3171 LOW POC Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1929 HIGH This Week

Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.

WordPress PHP RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-3170 LOW POC Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 2.4).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
EPSS 0% CVSS 2.7
LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Page Builder by SiteOrigin (WordPress plugin) versions up to 2.33.5 is affected by path traversal (CVSS 8.8).

WordPress PHP Path Traversal +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in cancel-order.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket-admin.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in edit-order.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Gym Management System v1.0 has SQL injection in trainer search.

PHP SQLi Simple Gym Management System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a fifth SQL injection in view_sales.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a fourth SQL injection in view_reports.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a third SQL injection in view_products.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a second SQL injection in view_categories.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System has a fourth SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a third SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.

PHP Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]

PHP Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.

PHP SSRF Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

PHP Deserialization Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.

PHP SQLi Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has SQL injection in admin panel.

PHP SQLi Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Student Alumni System v1.0 has a third SQL injection.

PHP SQLi Simple Student Alumni System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Student Alumni System v1.0 has SQL injection in record_search.php.

PHP SQLi Simple Student Alumni System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Student Alumni System v1.0 has SQL injection in modal_view.php.

PHP SQLi Simple Student Alumni System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.

PHP SQLi Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]

PHP SQLi Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

PHP SQLi Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 8.8 HIGH]

PHP Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 7.2 HIGH]

PHP Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC This Month

SQL injection in Simple Student Alumni System v1.0's modal_edit.php endpoint allows authenticated administrators to extract sensitive database information through unauthenticated network requests. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level privileges but can bypass intended access controls to read confidential data.

PHP SQLi Simple Student Alumni System
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC This Month

Simple Student Alumni System v1.0 contains a SQL injection vulnerability in the recordteacher_view.php endpoint that allows authenticated administrators to extract sensitive data from the underlying database. Public exploit code exists for this vulnerability, though a patch is currently unavailable. The attack requires high-level administrative privileges but can be executed remotely without user interaction.

PHP SQLi Simple Student Alumni System
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student.php allows unauthenticated remote attackers to manipulate database queries with public exploit code currently available. The vulnerability enables attackers to read, modify, or delete sensitive academic and administrative data without authentication. No patch is currently available for this PHP-based application.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

University Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).

PHP XSS
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student_update.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive student records. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected institutions at immediate risk.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. [CVSS 2.4 LOW]

PHP XSS
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Maxsite Cms versions up to 109.1. contains a vulnerability that allows attackers to code injection (CVSS 7.3).

PHP Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi PHP
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can inject malicious serialized PHP objects into the WP Mail Logging plugin (versions up to 1.15.0) through email forms, exploiting unsafe deserialization in the BaseModel class. When administrators view the logged emails, the injected payload deserializes into arbitrary PHP objects, potentially enabling code execution if leveraged with gadget chains from other installed plugins or themes. No patch is currently available.

WordPress PHP Deserialization
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Super Stage WP WordPre versions up to 1.0.1 is affected by deserialization of untrusted data (CVSS 6.5).

WordPress PHP Deserialization
NVD WPScan
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in openDCIM 23.04 allows unauthenticated attackers to execute arbitrary OS commands as the web server user by poisoning the 'dot' configuration parameter in the database, then triggering execution via report_network_map.php. Public exploit code exists with a documented SQL injection to command injection attack chain. EPSS score of 0.57% (68th percentile) suggests moderate but not widespread exploitation probability, though the publicly available weaponized exploit significantly elevates real-world risk for exposed instances.

PHP Command Injection Opendcim
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

SQL injection in openDCIM 23.04 (up to commit 4467e9c4) lets attackers execute arbitrary SQL through the Config::UpdateParameter routine, which the install.php and container-install.php handlers reach with unsanitized, string-interpolated input. Publicly available exploit code exists (Chocapikk PoC and write-up) demonstrating a chain from SQLi to remote code execution, though it is not listed in CISA KEV and EPSS rates real-world exploitation probability at only 0.04%. Note a data conflict: the CVSS 4.0 vector encodes PR:N (unauthenticated) while the description states an authenticated user is required.

PHP SQLi Opendcim
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Missing authorization in openDCIM 23.04 (through commit 4467e9c4) lets any authenticated user — regardless of assigned role — reach LDAP configuration handling in install.php and container-install.php, and where REMOTE_USER is trusted without real authentication enforcement the endpoints may be reachable with no credentials at all. Because the same installer path also chains into a SQL injection in the configuration-update routine and a command injection in report_network_map.php (both fixed in the same PR), the broken access control is a stepping stone to full remote code execution. Publicly available exploit code exists (Chocapikk's 'SQLi to RCE' write-up and PoC); EPSS is low at 0.22% (44th percentile) and the CVE is not listed in CISA KEV, so no confirmed active exploitation.

PHP Opendcim Authentication Bypass
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Authentication bypass via unsafe extract() function in WeGIA before 3.6.5. The extract() call on user-controlled data allows overwriting authentication variables. EPSS 0.7% with PoC available.

PHP Authentication Bypass Wegia
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Authentication bypass in WeGIA charitable institution management system before 3.6.5. The adicionar_tipo_docs_atendido.php script lacks authentication, allowing unauthorized access. PoC available.

PHP Golang Wegia
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Unauthorized collection manipulation in ClipBucket v5 prior to 5.5.3 #59 allows authenticated attackers to add or remove items from other users' collections due to missing and broken authorization checks in the add and delete item functions. An attacker with valid credentials can exploit this to alter collections they do not own without restriction. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP Clipbucket
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in Group Office email template selection endpoint allows authenticated attackers to extract sensitive data from the database through the unvalidated comparator parameter in advancedQueryData. An attacker with valid credentials can perform blind boolean-based attacks to exfiltrate password hashes from the core_auth_password table. Affected versions prior to 26.0.8, 25.0.87, and 6.8.153 require immediate patching.

PHP SQLi Group Office
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Oscommerce
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. [CVSS 8.2 HIGH]

PHP SQLi Airbnb Clone Script
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.

PHP Privilege Escalation Openemr
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. [CVSS 6.5 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Cross-site scripting (XSS) in SourceCodester Doctor Appointment System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the Email parameter in the /register.php Sign Up Page. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The lack of an available patch leaves affected systems vulnerable to session hijacking and credential theft.

PHP XSS
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Listee WordPress theme allows unauthenticated attackers to gain administrator access. All versions up to 1.1.6 affected.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in jizhiCMS up to version 2.5.6 via the findAll function in the Model.php batch interface allows authenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The flaw requires valid user credentials but can be exploited over the network with minimal additional complexity.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Fluent Forms Pro Add On Pack for WordPress versions up to 6.1.17 fail to verify PayPal Instant Payment Notifications by default, allowing unauthenticated attackers to forge payment confirmations and mark unpaid submissions as paid. An attacker can exploit this to trigger post-payment automation including email delivery, access grants, and digital product distribution without actual payment. The vulnerability affects all installations that have not manually enabled IPN verification and currently lacks a patch.

WordPress PHP
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /settings/index.php allows unauthenticated remote attackers to manipulate database queries and potentially read or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected versions should implement access controls or upgrade immediately to mitigate the risk.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.

PHP RCE SQLi +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Spip versions up to 4.4.10 contains a vulnerability that allows attackers to access protected information (CVSS 7.5).

PHP Authentication Bypass Spip
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Directory traversal in ZenTaoPMS v18.11 through v21.6.beta allows arbitrary code execution through /module/ai/control.php. EPSS 0.76%.

PHP Path Traversal AI / ML
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. [CVSS 5.4 MEDIUM]

PHP XSS
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Packistry versions prior to 0.13.0 fail to validate token expiration in the RepositoryAwareController::authorize() function, allowing attackers with expired deploy tokens to maintain unauthorized access to repository endpoints and package metadata. An authenticated attacker can leverage an expired token with valid abilities to interact with Composer APIs and potentially download or access sensitive package information. This vulnerability affects self-hosted Packistry deployments and has been patched in version 0.13.0.

PHP Packistry
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated command injection in TinyWeb HTTP/HTTPS server for Win32 before 2.01 allows remote attackers to execute arbitrary commands. Patch available.

PHP RCE Tinyweb
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

OpenEMR prior to version 8.0.0 fails to enforce session expiration when the skip_timeout_reset parameter is present in requests, allowing expired sessions to remain active indefinitely. An attacker with a stolen session cookie can exploit this by continuously sending the skip_timeout_reset parameter to maintain unauthorized access to sensitive health records without being logged out. Public exploit code exists for this vulnerability with a CVSS score of 7.5.

PHP Openemr
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

OpenEMR versions prior to 8.0.0 allow any authenticated user to view all internal messages and notes from other users by exploiting insufficient authorization checks on the Message Center's `show_all` parameter. The vulnerability exists because the application does not verify administrator privileges before returning the complete message list, enabling unauthorized disclosure of sensitive medical communications. Public exploit code exists for this medium-severity information disclosure vulnerability.

PHP Openemr
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 fail to enforce API authorization checks on document and insurance endpoints, allowing any authenticated API client to read and modify all patient PHI regardless of assigned access controls. Public exploit code exists for this vulnerability, which affects healthcare organizations using OpenEMR's REST API. An attacker with valid API credentials can access sensitive medical records and insurance information across the entire patient database.

PHP Openemr
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Protected post metadata injection in Post Duplicator plugin for WordPress allows authenticated contributors and higher-privileged users to arbitrarily set sensitive meta keys like _wp_page_template on duplicated posts by bypassing WordPress's standard metadata protection mechanisms. The vulnerability exists in versions up to 3.0.8 due to direct database insertion instead of using WordPress's protected metadata validation function. Attackers can exploit this through the customMetaData parameter in the REST API endpoint to manipulate post properties and potentially compromise site functionality.

WordPress PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

WP Recipe Maker (WordPress plugin) is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).

PHP XSS
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.

WordPress PHP RCE
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 2.4).

PHP XSS
NVD GitHub VulDB
Prev Page 33 of 275 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy