Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

RockyLinux 10 : php8.4 (RLSA-2026:22649)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22649 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2026-1728)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1728 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a globa...

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-011 (ALASPHP8.2-2026-011)

The version of php installed on the remote host is prior to 8.2.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2026-011 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2026-1727)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1727 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a globa...

Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2026-1726)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1726 advisory. Global buffer over-read in mbconvertencoding with attacker-supplied encoding CVE-2026-6104 In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, th...

CVE-2025-14179 vulnerabilities

Vulnerabilities for packages: php...

CVE-2026-6735 vulnerabilities

Vulnerabilities for packages: php...

Astra Linux - уязвимость в php7.3, php8.1

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, and 8.2. before 8.2.2, when using the PDO::quote function to quote user-supplied data for SQLite, providing an overly long string may cause the driver to incorrectly quote the data. This can further lead to SQL injection vulnerabilities...

PHP 代码问题漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained code vulnerabilities. These vulnerabilities were caused by mismatches in the encoding lists between Oniguruma and mbfl, leading to null pointer dereferencing...

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

OpenAI on Friday began rolling out Codex Security , an artificial intelligence AI-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex w...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...

MiracleLinux 8 : php:7.4 (AXSA:2026-182:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-182:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

RHEL 10 : php (RHSA-2026:1628)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1628 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

MiracleLinux 8 : php:8.2 (AXSA:2026-124:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-124:01 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML...

RockyLinux 8 : php:8.2 (RLSA-2026:1412)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1412 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

RHEL 10 : php (RHSA-2026:1185)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1185 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-009 (ALASPHP8.2-2026-009)

The version of php installed on the remote host is prior to 8.2.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2026-009 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE:...

MiracleLinux 9 : php-8.0.30-1.el9 (AXSA:2023-6528:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6528:03 advisory. php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in commo...

MiracleLinux 8 : php:7.4 (AXSA:2022-4415:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4415:01 advisory. php: Special character breaks path in xml parsing CVE-2021-21707 php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php-pear:...