21 matches found
Exploit for OS Command Injection in Php
PHP CVE Autopilot Fully automated detection and exploitat...
MiracleLinux 9 : php:8.3 (AXSA:2026-122:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-122:01 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk imag...
AlmaLinux 8 : php:8.2 (ALSA-2026:1412)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1412 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
RockyLinux 9 : php:8.2 (RLSA-2026:1409)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
RockyLinux 9 : php:8.3 (RLSA-2026:1429)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1429 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk images...
Important: Red Hat Security Advisory: php:8.3 security update
An update for the php:8.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: php:8.2 security update
An update for the php:8.2 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: php:8.2 security update
An update for the php:8.2 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
openSUSE Security Advisory (SUSE-SU-2026:0071-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2026:0071-1 Security update for php8
This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element...
Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1352)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1352 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...
Medium: php8.1
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...
Medium: php8.2
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...
CVE-2025-14180
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
CVE-2025-14180
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
CVE-2025-14180
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
Mageia: Security Advisory (MGASA-2025-0330)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 6088-1] php8.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6088-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2025 https://www.debian.org/security/faq -...
Fedora: Security Advisory (FEDORA-2025-7e9290d67f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP 8.3.x < 8.3.29 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.29 advisory. - Debian Linux - php7.4 - None php8.2 - None php8.4 - None Ubuntu Linux - Unknown description CVE-2025-14178, CVE-2025-14180 -...