PHP - Platform

Type: Platform

Frequency: Mentioned 37 times

Threat intelligence on PHP (Platform). Found in 30 clusters.

Critical NGINX Vulnerability CVE-2026-42945 Exposes Millions to RCE and DoS Attacks (Threat Score: 78.8)
Critical CVE-2026-8206 Flaw in Kirki Plugin Exposes 500,000 WordPress Sites to Attacks (Threat Score: 78.0)
Belarusian Hackers Target Yury Hubarevich with Sophisticated Phishing Attack (Threat Score: 77.0)
SQL Injection Vulnerabilities Discovered in Gate Pass Management System and Yot CMS (Threat Score: 74.0)
High-Severity Stored XSS Vulnerability in HAX CMS (CVE-2026-48527) (Threat Score: 74.0)
Critical PHP Object Injection Vulnerability in Mirasvit Cache Warmer (Threat Score: 72.9)
Critical PHP SOAP Extension Vulnerabilities Enable Remote Code Execution (Threat Score: 72.8)
Critical RCE Vulnerabilities in WordPress Plugins Exposed (Threat Score: 72.0)
Supply Chain Attack Compromises Laravel Lang Packages with Credential Stealer (Threat Score: 71.0)
Critical Remote Code Execution Vulnerabilities in WordPress Plugins Identified (Threat Score: 69.8)

Recent Articles

CVE-2023-54352 - Cvefeed
SentinelOne CVE-2026-3300 Vulnerability Database - www.sentinelone.com
Targeted Gmail Phishing Suspicious Account Activity From Unc1151 Ghostwriter May 2026 - resident.ngo
Mirasvit Cache Warmer Object Injection - sansec.io
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites - Infosecurity-Magazine
php web scripts Vulnerabilities: CVEs, CISA KEV & Security Advisories - Radicalnotion.Ai
CVE-2018-25424 AKAOMA CVE VULNERABILITIES / 6h Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application. - cve.akaoma.com
CVE-2018-25425 - Exploits & Severity - Feedly
CVE-2026-48527 AKAOMA CVE VULNERABILITIES / 6h HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. @haxtheweb/haxcms-nodejs 26.0.1 and haxcms-php 26.0.2 patch the issue. - cve.akaoma.com
CVE-2026-48527 - Exploits & Severity - Feedly