Medium
CVE-2025-69606
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli…
Tag: PHP
All CVEs associated with "PHP". Page 6/311 • 37315 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37315 CVEs for this tag (all time). In the last 365 days, 6072 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-05-01
Medium
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.
Medium
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.
High
CVE-2026-42471
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-sid…
High
CVE-2026-37552
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(),…
Medium
CVE-2026-37505
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) wit…
Medium
CVE-2026-37504
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissi…
Medium
CVE-2026-37503
Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can injec…
High
CVE-2026-3772
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and '…
Medium
CVE-2026-7578
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. E…
Critical
CVE-2026-7567
The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() fun…
High
CVE-2026-7555
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql inje…
Medium
CVE-2026-7553
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of the argumen…
High
CVE-2026-7550
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument…
High
CVE-2026-7549
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argumen…
High
CVE-2026-7545
A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoi…
2026-04-30
Medium
CVE-2026-7508
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulat…
High
CVE-2026-7506
A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type le…
Medium
CVE-2026-7502
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Ma…
Low
CVE-2026-7501
A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p…
Critical
CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in…
Critical
CVE-2022-50993
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicio…
Medium
CVE-2026-38940
Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component
Medium
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component
Medium
CVE-2026-6498
The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function…
Medium
CVE-2026-7447
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/le…
2026-04-29
Medium
CVE-2026-7410
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument…
Medium
CVE-2026-7409
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql inject…
Medium
CVE-2026-7408
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation r…
Medium
CVE-2026-7407
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save…
Medium
CVE-2026-7401
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the com…
High
CVE-2026-34965
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privilege…
High
CVE-2018-25300
XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers c…
Medium
CVE-2026-7394
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame…
Medium
CVE-2026-7393
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performin…
Medium
CVE-2026-7392
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of…
Medium
CVE-2026-7391
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument…
Low
CVE-2026-7390
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the arg…
High
CVE-2026-7389
A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads…
Medium
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a m…
High
CVE-2026-38991
Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an au…
2026-04-28
Medium
CVE-2026-7317
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of…
Low
CVE-2026-7297
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation…
Low
CVE-2026-7296
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument…
Medium
CVE-2026-37750
A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the uns…
Low
CVE-2026-7295
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the…
Low
CVE-2026-7294
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation o…
Medium
CVE-2026-7293
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argum…
Medium
CVE-2026-7283
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation of th…
Medium
CVE-2026-7282
A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the…
High
CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements…
Low
CVE-2026-7281
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation…
Low
CVE-2026-7269
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID…
Medium
CVE-2026-7268
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argum…
Medium
CVE-2026-7267
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument ID causes sql injection. The attac…
Medium
CVE-2026-7266
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the arg…
Medium
CVE-2026-7265
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of…
Medium
CVE-2026-7264
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of t…
Medium
CVE-2026-7238
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unres…
Medium
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function passing user-controlled $_POST['amo…
Medium
CVE-2026-7229
A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manip…
High
CVE-2026-7228
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of the a…
High
CVE-2026-7227
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results i…
High
CVE-2026-7226
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the ar…
High
CVE-2026-7225
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipula…
High
CVE-2026-7224
A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of…
Low
CVE-2026-7222
A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the compo…
Medium
CVE-2026-7200
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of th…
High
CVE-2026-7199
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Perform…
2026-04-27
High
CVE-2026-7194
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument…
Medium
CVE-2021-36438
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php.
Medium
CVE-2026-7145
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit…
Medium
CVE-2026-7144
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp…
Medium
CVE-2026-7143
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q lea…
Medium
CVE-2026-38936
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter
Medium
CVE-2026-38935
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
High
CVE-2026-38934
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/setting…
Medium
CVE-2026-7134
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unre…
Medium
CVE-2026-41466
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only d…
Medium
CVE-2026-41465
ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal seque…
Medium
CVE-2026-41464
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive…
High
CVE-2026-41463
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outs…
Medium
CVE-2026-7133
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unres…
Medium
CVE-2026-7132
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path…
High
CVE-2026-7131
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email…
High
CVE-2026-7130
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing a manipulation of…
Medium
CVE-2026-7129
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argume…
High
CVE-2026-7128
A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such manipulat…
High
CVE-2026-7127
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of t…
High
CVE-2026-7126
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argumen…
Medium
CVE-2026-7118
A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argu…
Medium
CVE-2026-7117
A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token c…
Medium
CVE-2026-7116
A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation results in c…
Medium
CVE-2026-7115
A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads t…
Medium
CVE-2026-7114
A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection…
Low
CVE-2026-7103
A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Passw…
Medium
CVE-2026-7095
A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site s…
Low
CVE-2026-7090
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument m…
Medium
CVE-2026-7089
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The man…
High
CVE-2026-7088
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipula…
High
CVE-2026-7087
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of th…
Medium
CVE-2026-7083
A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of th…
High
CVE-2026-7077
A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sq…
High
CVE-2026-7076
A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument ID can lead to sql…
High
CVE-2026-7075
A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address…
High
CVE-2026-7074
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to s…
High
CVE-2026-7073
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attac…
High
CVE-2026-7072
A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Usern…
2026-04-26
High
CVE-2026-7063
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performin…
Medium
CVE-2026-7044
A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can…
Medium
CVE-2026-7043
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The…
Medium
CVE-2026-7028
A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Perf…
High
CVE-2026-7025
A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The m…
2026-04-25
High
CVE-2026-7002
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get_message_ajax.php of the component Private Message Handler. Exe…
Medium
CVE-2026-6983
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url…
Medium
CVE-2026-6982
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.cl…
Medium
CVE-2026-6978
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sq…
2026-04-24
Medium
CVE-2025-11762
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/ad…
Medium
CVE-2026-6810
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php…
High
CVE-2026-5364
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file ext…