Software
PHP PHPSingle byte overread with convert.quoted-printable-decode filter
PHP PHPConfiguring a proxy in a stream context might allow for CRLF injection in URIs
Php-fpm Php-fpmPHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
Php-fpm Php-fpmcgi.force_redirect configuration is bypassable due to the environment variable collision
PHP PHPCommand injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPPHP mb_encode_mimeheader runs endlessly for some inputs
PHP PHPSecurity issue with external entity loading in XML without enabling it
PHP PHPpassword_verify() always returns true for some invalid hashes
PHP PHPDoS vulnerability when parsing multipart request body
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPOOB read due to insufficient input validation in imageloadfont()
PHP PHPFreeing unallocated memory in php_pgsql_free_params()
PHP PHPPHP-FPM memory access in root process leading to privilege escalation
Fedoraproject FedoraIn Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a diff…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability
Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
Chadhaajay PhpkbAn issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPTemporary files are not cleaned after OOM when parsing HTTP request data
Canonical Ubuntu Linuxmb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
FreeBSD FreeBSDregcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion…
Canonical Ubuntu LinuxNull Pointer Dereference in PHP Session Upload Progress
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPThe compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorr…
PHP PHPlink() silently truncates after a null byte on Windows
Canonical Ubuntu Linuxheap-buffer-overflow on exif_scan_thumbnail in EXIF extension
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Canonical Ubuntu Linuxheap-buffer-overflow on exif_process_user_comment in EXIF extension
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
ubuntu/php-pearPotential RCE if filename starts with phar://
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPFixed bug (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
PHP PHPext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of serv…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.