9.2
CVE-2026-25238 - PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0.
9.2
CVE-2026-25237 - PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in veโฆ
6.9
CVE-2026-25236 - PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN (...) list. This issue has been patched in version 1.33.0.
8.2
CVE-2026-25235 - PEAR Has a Predictable Verification Hash in Election Account Requests
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.
5.3
CVE-2026-25234 - PEAR is Vulnerable to SQL Injection in Category Deletion
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0.
7.1
CVE-2026-25233 - PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0.
3.7
CVE-2025-52631 - HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerabโฆ
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.
3.7
CVE-2025-52623 - HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AIOโฆ
0.0
CVE-2026-1846 -
loading template...
6.1
CVE-2026-25522 - Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Priโฆ
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administratorโs browser. This occurs because the Shipping Zone (Name & Descriptionโฆ