92633 matches found
CVE-2026-7263
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...
CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-6104
CVE-2026-6104 affects PHP 8.4.x before 8.4.21 and 8.5.x before 8.5.6. When an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, code assumes that strncasecmp() returning 0 guarantees equal length, enabling an out-of-bounds read of glob...
CVE-2026-6104
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-7258
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
EUVD-2026-28968
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-6722 Use-After-Free in SOAP using Apache map
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
CVE-2026-6722
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
CVE-2026-6722
CVE-2026-6722 describes a use-after-free in PHP’s SOAP extension object deduplication. In affected PHP versions (8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6), the global map stores object pointers without proper reference counting. If an apache:Map node c...
EUVD-2026-28969
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
CVE-2026-7259
CVE-2026-7259 describes a NULL pointer dereference in PHP due to a mismatch between Oniguruma and mbfl encoding lists, exploitable when user-controlled input influences the encoding passed to mb_regex_encoding(). The issue affects PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21,...
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
CVE-2026-7259
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
EUVD-2026-28970
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7262
CVE-2026-7262 affects PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6. When a SOAP server uses a typemap, the decoding process checks the wrong variable for missing value elements, which can dereference a NULL pointer and crash the PHP SOAP server, causin...