php Archives • Daily CyberSecurity

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793) CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793)

Ddos May 14, 2026

In a critical security alert for the PHP community, Nils Adermann, Co-Creator of Composer, has issued an...

Critical 9.5 Severity: PHP SOAP Extension Flaw Enables Remote Code Execution CVE-2023-0662 PHP RCE Vulnerability CVE-2026-6722

Critical 9.5 Severity: PHP SOAP Extension Flaw Enables Remote Code Execution

Ddos May 11, 2026

For the system administrators and DevOps engineers who maintain the backbone of the internet, PHP is a...

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Ddos April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released Snipe-IT RCE Chain, Deserialization

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released

Ddos October 7, 2025

Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system,...

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library PhpSpreadsheet CVE-2025-54370

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library

Ddos August 26, 2025

A newly disclosed security flaw, tracked as CVE-2025-54370, has been identified in PhpSpreadsheet, a PHP-based library that...

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection ADOdb SQL Injection, PHP Vulnerability

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection

Ddos August 5, 2025

A critical SQL injection vulnerability has been discovered in ADOdb, a widely used PHP database abstraction library....

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk

Ddos July 29, 2025

Developers relying on CodeIgniter, one of the most widely adopted PHP full-stack web frameworks with over 2.9...

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately! Livewire RCE, Laravel Vulnerability

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

Ddos July 21, 2025

A critical remote command execution (RCE) vulnerability has been discovered in Livewire, the popular full-stack framework for...

PHP 9.0 to Adopt BSD License: Unifying Open Source and Ending Licensing Confusion PHP Vulnerability PHP Licensing, Open Source

PHP 9.0 to Adopt BSD License: Unifying Open Source and Ending Licensing Confusion

Ddos July 15, 2025

As one of the most widely used open-source scripting languages in the world, PHP has long faced...

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps LaRecipe, Remote Code Execution

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

Ddos July 15, 2025

A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned...

Interlock RAT Gets PHP Makeover: New Variant Uses Steganography & ClickFix for Stealthy Infiltration

Ddos July 14, 2025

Researchers from The DFIR Report, in collaboration with Proofpoint, have uncovered a stealthy and resilient variant of...

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution Laravel APP_KEY, Deserialization Attack

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution

Ddos July 11, 2025

A recent technical deep-dive by Synacktiv has exposed a serious yet often overlooked risk in Laravel—the popular...

PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps PHP Vulnerabilities, SQLi DoS CVE-2024-8932 & CVE-2024-8929

PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps

Ddos July 4, 2025

The PHP project has released security patches addressing two vulnerabilities that expose PHP-based applications to SQL injection...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Ddos June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...

Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC vBulletin RCE

Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC

Ddos June 7, 2025

Security researcher Egidio Romano (EgiX) uncovers a fascinating PHP Object Injection (POI) vulnerability in legacy versions of...

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications Auth0 PHP SDK, Critical Vulnerability

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

Ddos June 5, 2025

A newly disclosed vulnerability in the Auth0 PHP SDK—a widely-used authentication toolkit with over 16 million downloads—poses...

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately! Roundcube, RCE Vulnerability CVE-2025-49113

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately!

Ddos June 2, 2025

Roundcube Webmail, a widely-used browser-based IMAP client, has patched a critical security vulnerability, tracked as CVE-2025-49113 (CVSS...

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available) vBulletin RCE, pre-auth RCE

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available)

Ddos May 26, 2025

A newly disclosed vulnerability in vBulletin, one of the most widely used commercial forum platforms on the...

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads Auth0-PHP vulnerability CVE-2025-47275

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads

Ddos May 19, 2025

Okta has issued a critical security advisory warning developers and enterprises using the Auth0-PHP SDK about a...

Urgent: Yii 2 Vulnerability CVE-2024-58136 Under Active Exploit

Ddos April 14, 2025

A critical security vulnerability, tracked as CVE-2024-58136 (CVSS 9.1), has been uncovered in the popular PHP web...