php
php
- CVE-2026-12415 - The Invoice Generator plugin for WordPress privilege escalation
- CVE-2026-13485 - SourceCodester Class and Exam Timetabling System 1 sql injection
- CVE-2026-13486 - SourceCodester Class and Exam Timetabling System 1 sql injection
- CVE-2026-13487 - SourceCodester Class and Exam Timetabling System 1 sql injection
- CVE-2026-13488 - A security flaw has sql injection
- CVE-2026-13498 - yashpokharna2555 restaurent-management-system sql injection
- CVE-2026-13521 - SourceCodester Class and Exam Timetabling System 1 sql injection
- CVE-2026-13526 - SourceCodester Class and Exam Timetabling System 1 sql injection
- CVE-2026-13527 - SourceCodester Class and Exam Timetabling System 1 sql injection
- CVE-2026-13546 - Feehi CMS missing authentication
- CVE-2026-13550 - itsourcecode Baptism Information Management System 1 sql injection
- CVE-2026-13551 - itsourcecode Baptism Information Management System 1 sql injection
- CVE-2026-13552 - itsourcecode Online Hotel Management System 1 sql injection
- CVE-2026-13553 - itsourcecode Online Hotel Management System 1 unrestricted file upload
- CVE-2026-13559 - code-projects Real State Services 1 sql injection
- CVE-2026-58054 - MyBB 1.8.40 does not security control bypass
- CVE-2026-8095 - The Frontend File Manager Plugin plugin for WordPress arbitrary file write/read
- CVE-2026-13485 - SourceCodester preview course_year_section SQL injection
- CVE-2026-13485 - SourceCodester preview.php course_year_section SQL injection
- CVE-2026-13486 - SourceCodester preview6 course_year_section SQL injection
- CVE-2026-13486 - SourceCodester preview6.php course_year_section SQL injection
- CVE-2026-13487 - SourceCodester archive sy SQL injection
- CVE-2026-13487 - SourceCodester archive.php sy SQL injection
- CVE-2026-13488 - SourceCodester preview7 course_year_section SQL injection
- CVE-2026-13488 - SourceCodester preview7.php course_year_section SQL injection
- CVE-2026-13498 - restaurant-management-system forgotpassword email SQL injection
- CVE-2026-58054 - MyBB limited ACP user group privilege escalation
- CVE-2026-58054 - MyBB limited ACP user management administrator escalation
- CVE-2026-8095 - WordPress Frontend File Manager arbitrary file deletion
- CVE-2026-8095 - WordPress Frontend File Manager arbitrary file deletion
- CVE-2026-12415 - Invoice Generator unauthenticated account takeover
- CVE-2026-48507 - Snipe-IT bulk user lockout privilege escalation
- CVE-2026-54329 - Snipe-IT cross-tenant accessory injection
- CVE-2026-6933 - Premmerce Dev Tools plugin creation RCE
- CVE-2026-8176 - LatePoint agent privilege escalation
- CVE-2026-8442 - WP Review Slider Pro arbitrary file deletion
- CVE-2026-8443 - WP Review Slider Pro stypes SQL injection
- CVE-2026-8444 - WP Review Slider Pro curselrevs SQL injection
- CVE-2026-48062 - CodeIgniter4 ext_in upload validation bypass
- CVE-2026-49741 - TYPO3 form framework privilege escalation and SQL injection
- CVE-2026-45034 - PHPSpreadsheet PHAR wrapper patch bypass
- CVE-2026-53738 - Copy & Delete Posts AJAX privilege escalation
- CVE-2026-45063 - Symfony X509Authenticator DN identity spoofing
- CVE-2026-46636 - Twig cached template sandbox-state bypass
- CVE-2026-24425 - Twig SourcePolicyInterface callback bypass
- CVE-2026-41236 - Froxlor SSH key symlink root access
- CVE-2026-46640 - Twig macro-reference compilation RCE
- CVE-2026-47732 - Twig toString sandbox bypass
- CVE-2026-41247 - elFinder ImageMagick bg command injection
- CVE-2026-5063 - NEX-Forms POST key stored XSS
- CVE-2026-4882 - WordPress User Registration Advanced Fields upload RCE
- CVE-2026-7458 - WordPress User Verification OTP auth bypass
- CVE-2026-7567 - WordPress Temporary Login auth bypass
- PHP object deserialization — `unserialize` on untrusted data