CVE Tools

pear

OSS Librariesoss-project

17

Cumulative CVEs

3

Monthly snapshots

#20

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting pear.

CVE-2026-25241PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint9.8Feb 3, 2026
CVE-2026-25240PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter9.8Feb 3, 2026
CVE-2026-25239PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename7.5Feb 3, 2026
CVE-2026-25238PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation9.8Feb 3, 2026
CVE-2026-25237PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails9.8Feb 3, 2026
CVE-2026-25236PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution9.8Feb 3, 2026
CVE-2026-25235PEAR Has a Predictable Verification Hash in Election Account Requests7.5Feb 3, 2026
CVE-2026-25234PEAR is Vulnerable to SQL Injection in Category Deletion9.8Feb 3, 2026
CVE-2026-25233PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug9.1Feb 3, 2026
CVE-2022-24953The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.5.3Feb 17, 2022
CVE-2017-5677PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.9.8Feb 6, 2017
CVE-2009-4111Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a craft...6.8Nov 28, 2009
CVE-2009-4025Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via th...10.0Nov 28, 2009
CVE-2009-4024Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. ...10.0Nov 28, 2009
CVE-2009-4023Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary ...7.5Nov 28, 2009