54 matches found
php:8.2 security update
An update is available for php, php-pecl-rrd, module.php, module.php-pecl-xdebug3, module.php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, php-pecl-apcu. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
ALSA-2026:22142 Important: php:8.3 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
php: Fix of CVE-2026-6735
CVE-2026-6735: fix XSS within FPM status endpoint...
CLSA-2026-1779292803 Fix CVE(s): CVE-2026-6735
SECURITY UPDATE: XSS within status endpoint in PHP-FPM - debian/patches/CVE-2026-6735.patch: XSS within status endpoint in PHP-FPM - CVE-2026-6735...
OESA-2026-2420 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2026-6735 vulnerabilities
Vulnerabilities for packages: php...
CLSA-2026-1779123668 Fix CVE(s): CVE-2026-6735
SECURITY UPDATE: XSS via unsanitized request URI in PHP-FPM status page - debian/patches/CVE-2026-6735.patch: escape request_uri with HTML entities in fpm_status_handle_request for HTML/XML output formats, and fix query_string escape flags in sapi/fpm/fpm/fpm_status.c - CVE-2026-6735...
SUSE-SU-2026:1958-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection (bsc#1264778). - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc#1264776). -...
SUSE SLES16 Security Update : php8 (SUSE-SU-2026:21612-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21612-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...
[SECURITY] [DLA 4586-1] php7.4 security update
Debian LTS Advisory DLA-4586-1 https://www.debian.org/lts/security/ Guilhem Moulin May 16, 2026 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u11 CVE ID : CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7261 CVE-2026-7262 CVE-2026-7568 Debian...
CVE-2026-6735 affecting package php for versions less than 8.3.31-1
CVE-2026-6735 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...
CLSA-2026-1778670864 php: Fix of CVE-2026-6735
CVE-2026-6735: HTML-encode proc.request_uri and tighten query_string entity flags in sapi/fpm/fpm/fpm_status.c to fix XSS in PHP-FPM status endpoint...
MINI-6735-9296-2VPQ
Bulletin has no description...
DEBIAN-CVE-2026-6735
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
CVE-2026-6735
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
CVE-2026-6735
creationtimestamp| type| source
---|---|---
2026-05-08 05:51:08+00:00| seen| https://bsky.app/profile/remirepo.net/post/3mlczxuq7ac2w
2026-05-08 08:02:11+00:00| seen| https://bsky.app/profile/slackers.it/post/3mldbca2ylb2w
2026-05-10 07:27:08+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2023-6735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in mktsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges CVE-2023-6735 Note that...
CVE-2025-6735
creationtimestamp| type| source
---|---|---
2025-06-26 23:53:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19659
2025-06-27 04:48:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsktmdu42k2a...
CVE-2025-6735
JuzaWeb CMS 3.4.2 contains a vulnerability in the Import Page component (unknown function under /admin-cp/imports) that allows improper authorization. The issue can be exploited remotely and public PoC/exploit details exist. Vendor did not respond to disclosure. Reported data indicate various CVS...
CVE-2025-6735 juzaweb CMS Import Page imports improper authorization
A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...