22 matches found
Exploit for Out-of-bounds Read in Php
CVE-2025-14177 — PHP getimagesize Heap Memory Leak Fo...
Exploit for OS Command Injection in Php
PHP CVE Autopilot Fully automated detection and exploitat...
MiracleLinux 9 : php:8.3 (AXSA:2026-122:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-122:01 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk imag...
AlmaLinux 8 : php:8.2 (ALSA-2026:1412)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1412 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
RockyLinux 9 : php:8.2 (RLSA-2026:1409)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
RockyLinux 9 : php:8.3 (RLSA-2026:1429)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1429 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk images...
Important: Red Hat Security Advisory: php:8.3 security update
An update for the php:8.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Medium: php
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...
OESA-2026-1021 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
openSUSE Security Advisory (SUSE-SU-2026:0071-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2026:0071-1 Security update for php8
This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element...
Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1352)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1352 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...
Medium: php8.1
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...
Medium: php8.2
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...
CVE-2025-14177
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...
Mageia: Security Advisory (MGASA-2025-0330)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 6088-1] php8.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6088-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2025 https://www.debian.org/security/faq -...
Debian dsa-6088 : libapache2-mod-php8.4 - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6088 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6088-1 [email protected] https://www.debian.org/securit...
Fedora: Security Advisory (FEDORA-2025-7e9290d67f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP 8.3.x < 8.3.29 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.29 advisory. - Debian Linux - php7.4 - None php8.2 - None php8.4 - None Ubuntu Linux - Unknown description CVE-2025-14178, CVE-2025-14180 -...