Filters
Software
php php
723
php pear
5
php archive tar
4
php-fpm php-fpm
4
php pearweb
2
php php script index
2
php animated smiley generator
1
php ar memberscript
1
php blog cms
1
php bloq
1
php com extensions
1
php directory listing script
1
php errordocs
1
php ext-http
1
php f1 maxs file uploader
1
php fastcgi process manager (fpm)
1
php group php
1
php imagick
1
php memcached
1
php mysql banner exchange
1
php mysql extension
1
php pear archive tar
1
php pecl http
1
php php fi
1
php phpsquidpass
1
php xhprof
1
PHP PHPLeak partial content of the heap through heap buffer over-read in mysqlnd
5.8
EPSS
0.04%
First published (updated )
PHP PHPInteger overflow in the firebird and dblib quoters causing OOB writes
9.8
First published (updated )
PHP PHPSingle byte overread with convert.quoted-printable-decode filter
4.8
First published (updated )
PHP PHPConfiguring a proxy in a stream context might allow for CRLF injection in URIs
4.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Php-fpm Php-fpmPHP-FPM logs from children may be altered
3.3
EPSS
0.04%
First published (updated )
Php-fpm Php-fpmPHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
8.8
EPSS
0.05%
First published (updated )
Php-fpm Php-fpmErroneous parsing of multipart form data
5.3
EPSS
0.05%
First published (updated )
Php-fpm Php-fpmcgi.force_redirect configuration is bypassable due to the environment variable collision
7.5
EPSS
0.08%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPPHP-CGI OS Command Injection Vulnerability
First published (updated )
PHP PHPFilter bypass in filter_var (FILTER_VALIDATE_URL)
5.3
EPSS
0.08%
First published (updated )
PHP PHPCommand injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
8.8
EPSS
0.44%
First published (updated )
PHP PHPCommand injection via array-ish $command parameter of proc_open()
9.4
First published (updated )
PHP PHPPHP function password_verify can erroneously return true when argument contains NUL
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
ubuntu/php8.1__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
6.5
First published (updated )
PHP PHPPHP mb_encode_mimeheader runs endlessly for some inputs
7.5
First published (updated )
PHP PHPBuffer overflow and overread in phar_dir_read()
9.8
First published (updated )
PHP PHPSecurity issue with external entity loading in XML without enabling it
8.6
First published (updated )
PHP PHPMissing error check and insufficient random bytes in HTTP Digest authentication for SOAP
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPPotential buffer overflow in php_cli_server_startup_workers
6.2
First published (updated )
PHP PHPpassword_verify() always returns true for some invalid hashes
8.1
First published (updated )
PHP PHPDoS vulnerability when parsing multipart request body
7.5
First published (updated )
PHP PHPSQL Injection, Integer Overflow
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPOOB read due to insufficient input validation in imageloadfont()
7.1
First published (updated )
PHP PHP$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
6.5
First published (updated )
PHP PHPphar wrapper can occur dos when using quine gzip file
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPFreeing unallocated memory in php_pgsql_free_params()
8.1
First published (updated )
Php Pearwebpearweb < 1.32 suffers from Deserialization of Untrusted Data.
9.8
First published (updated )
Php Pearwebpearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.p…
9.8
First published (updated )
Php MemcachedPHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execu…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPSpecial characters break path parsing in XML functions
5.3
First published (updated )
PHP PHPPHP-FPM memory access in root process leading to privilege escalation
7.8
First published (updated )
PHP PHPZipArchive::extractTo may extract outside of destination dir
6.5
First published (updated )
Fedoraproject FedoraIn Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a diff…
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPIncorrect URL validation in FILTER_VALIDATE_URL
5.3
First published (updated )
PHP PHPMultiple vulnerabilities in Firebird client extension
5.9
First published (updated )
Fedoraproject FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPFILTER_VALIDATE_URL accepts URLs with invalid userinfo
5.3
First published (updated )
Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
First published (updated )
Canonical Ubuntu LinuxPHP parses encoded cookie names so malicious `__Host-` cookies can be sent
5.3
First published (updated )
Canonical Ubuntu LinuxWrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.