Posts on the topic: PHP
Security
4 July 2026
Security Bulletin for 4 July 2026: Privilege Escalation in HestiaCP, Heap Overflow in PHP Core, Stored Cross-Site Scripting in Ultimate Member and PII Tampering in LatePoint
Daily security roundup: a privilege escalation leading to server takeover in the HestiaCP control panel, a heap overflow in PHP core, stored cross-site scripting in Ultimate Member and unauthenticated tampering with customer data in LatePoint.
Security
25 June 2026
Security Bulletin for 25 June 2026: CRLF Injection in the Laravel Framework and a Critical Account Takeover in the Kirki WordPress Plugin
Daily security overview: a CRLF injection in the Laravel PHP framework and a critical, unauthenticated account takeover in the Kirki WordPress plugin.
Security
23 June 2026
Security Advisory: Two Vulnerabilities in the Guzzle PHP HTTP Client (CVE-2026-55568 and CVE-2026-55767) — Relevant Because of Its Spread Across PHP Libraries
Two vulnerabilities in the widely used Guzzle PHP HTTP client: unencrypted proxy traffic and a CookieJar flaw. Both are fixed in version 7.12.1.
Security
22 June 2026
Security Bulletin for 22 June 2026: Privilege Escalation in Vitepos, a Critical Flaw in PhpSpreadsheet, and Cross-Site Scripting in WooCommerce Auction Pro
Daily security overview for WordPress, e-commerce and PHP: privilege escalation in Vitepos, a flaw in PhpSpreadsheet, and XSS in WooCommerce Auction Pro.