| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-31627 | Heap buffer overflow in finfo_buffer | PHP Group | PHP | High | 7.7 | 2022-07-28 05:50:10 | Deep Dive |
| CVE-2022-31157 | Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library | packbackbooks | lti-1-3-php-library | High | 7.5 | 2022-07-15 17:15:21 | Deep Dive |
| CVE-2022-31158 | Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library | packbackbooks | lti-1-3-php-library | High | 7.5 | 2022-07-15 17:15:12 | Deep Dive |
| CVE-2017-20128 | KB Messages PHP Script sql injection | unspecified | KB Messages PHP Script | High | 7.3 | 2022-07-13 17:55:25 | Deep Dive |
| CVE-2022-1732 | Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF | Unknown | Rename wp-login.php | Medium | - | 2022-07-11 12:56:10 | Deep Dive |
| CVE-2022-31626 | mysqlnd/pdo password buffer overflow | PHP Group | PHP | High | 7.5 | 2022-06-16 05:45:17 | Deep Dive |
| CVE-2022-31625 | Freeing unallocated memory in php_pgsql_free_params() | PHP Group | PHP | High | 8.1 | 2022-06-16 05:45:15 | Deep Dive |
| CVE-2022-29221 | PHP Code Injection by malicious block or filename in Smarty | smarty-php | smarty | High | 8.8 | 2022-05-24 00:00:00 | Deep Dive |
| CVE-2022-25866 | Command Injection | - | czproject/git-php | High | 8.1 | 2022-04-25 17:10:11 | Deep Dive |
| CVE-2021-21708 | UAF due to php_filter_float() failing | PHP Group | PHP | High | 8.2 | 2022-02-27 08:00:12 | Deep Dive |
| CVE-2022-24663 | Remote Code Execution by Subscriber+ users via WordPress shortcode | Alexander Fuchs | PHP Everywhere | Critical | 9.9 | 2022-02-16 16:38:06 | Deep Dive |
| CVE-2022-24665 | Remote Code Execution by Contributor+ users via WordPress gutenberg block | Alexander Fuchs | PHP Everywhere | Critical | 9.9 | 2022-02-16 16:38:06 | Deep Dive |
| CVE-2022-24664 | Remote Code Execution by Contributor+ users via WordPress metabox | Alexander Fuchs | PHP Everywhere | Critical | 9.9 | 2022-02-16 16:38:04 | Deep Dive |
| CVE-2022-0323 | Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php | bobthecow | bobthecow/mustache.php | High | - | 2022-01-21 18:00:17 | Deep Dive |
| CVE-2021-23227 | WordPress PHP Everywhere Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF) | Alexander Fuchs | PHP Everywhere (WordPress plugin) | Medium | 5.4 | 2022-01-13 20:27:29 | Deep Dive |
| CVE-2021-21408 | Access to restricted PHP code by dynamic static class access in smarty | smarty-php | smarty | High | 8.8 | 2022-01-10 00:00:00 | Deep Dive |
| CVE-2021-29454 | Sandbox Escape by math function in smarty | smarty-php | smarty | High | 8.1 | 2022-01-10 00:00:00 | Deep Dive |
| CVE-2021-21707 | Special characters break path parsing in XML functions | PHP Group | PHP | Medium | 5.3 | 2021-11-29 06:25:09 | Deep Dive |
| CVE-2021-21703 | PHP-FPM memory access in root process leading to privilege escalation | PHP Group | PHP | High | 7.8 | 2021-10-25 05:40:09 | Deep Dive |
| CVE-2021-21706 | ZipArchive::extractTo may extract outside of destination dir | PHP Group | PHP | Medium | 5.3 | 2021-10-04 04:00:17 | Deep Dive |