Pearweb

This hub aggregates every CVE we track for Pearweb, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Pearweb.

• CVE-2026-25241PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint9.8Feb 3, 2026
• CVE-2026-25240PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter9.8Feb 3, 2026
• CVE-2026-25239PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename7.5Feb 3, 2026
• CVE-2026-25238PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation9.8Feb 3, 2026
• CVE-2026-25237PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails9.8Feb 3, 2026
• CVE-2026-25236PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution9.8Feb 3, 2026
• CVE-2026-25235PEAR Has a Predictable Verification Hash in Election Account Requests7.5Feb 3, 2026
• CVE-2026-25234PEAR is Vulnerable to SQL Injection in Category Deletion9.8Feb 3, 2026
• CVE-2026-25233PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug9.1Feb 3, 2026
• CVE-2022-27158pearweb < 1.32 suffers from Deserialization of Untrusted Data.9.8Apr 15, 2022
• CVE-2022-27157pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.9.8Apr 15, 2022
• BDU:2022-01824Уязвимость реализации функций mt_rand() и time() пакета pearweb библиотеки PHP классов PEAR, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или выполнить произвольный код7.8Apr 6, 2022