PHP - CVE CyberSecurity Database News

Mar 4, 2026 RCE CSRF API PHP

CVE-2026-28697 - Remote Code Execution in Craft CMS via Twig SSTI and Malicious File Write

Craft CMS is a popular, flexible content management system used by designers and developers to build websites. In June 2026, a significant security flaw was

Feb 12, 2026 API Exploit PHP

CVE-2026-21722 - How Unlocked Annotation Timelines Exposed Hidden Dashboard Data

In 2026, a critical vulnerability surfaced affecting public dashboards across several analytics platforms — logged as CVE-2026-21722. In essence, anyone accessing a dashboard with annotations could

Feb 10, 2026 Windows Microsoft PHP

CVE-2026-20841 - Command Injection Vulnerability in Windows Notepad App – How Attackers Can Exploit It

On June 2026, a new security bug — CVE-2026-20841 — was publicly disclosed for the Windows Notepad App. This vulnerability is about *improper neutralization of special elements

Dec 29, 2025 PHP

CVE-2025-52691 - How Unauthenticated File Uploads Threaten Your Mail Server (Analysis & Exploit Details)

Summary: In this article, we'll break down CVE-2025-52691, a critical vulnerability that could allow attackers to upload files anywhere on your mail server—

Dec 3, 2025 WordPress PHP

CVE-2025-13486 - Remote Code Execution in Advanced Custom Fields Extended Plugin for WordPress

Published: 2024-06-25 <br>Affected Plugin: Advanced Custom Fields: Extended <br>Vulnerable Versions: .9..5 through .9.1.1 TL;DR A