
122 matches found

EUVD
added 2026/01/27 9:35 p.m., 2 views

EUVD-2026-4725

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVSS 7.8, AI score 6.4, EPSS 0.00236
Exploits: 0, References: 7

OSV
added 2026/01/27 9:35 p.m., 2 views

CVE-2026-24765 PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVSS 7.8, AI score 6.4, EPSS 0.00236
Exploits: 0, References: 10

Vulnrichment
added 2026/01/27 9:35 p.m., 2 views

CVE-2026-24765 PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVSS 7.8, AI score 6.4, EPSS 0.00236
Exploits: 0, References: 7

CVE
added 2026/01/27 9:35 p.m., 28 views

CVE-2026-24765

CVE-2026-24765 affects PHPUnit; the vulnerability stems from unsafe deserialization of code coverage data during PHPT test execution. In older releases (pre-12.5.8, 11.5.50, 10.5.62, 9.6.33, 8.5.52), PHPUnit deserializes .coverage files without validating allowed classes in cleanupForCoverage(), ...

CVSS 7.8, AI score 6.4, EPSS 0.00236
Exploits: 0, References: 8, Affected Software: 1

Debian CVE
added 2026/01/27 9:35 p.m., 3 views

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVSS 7.8, AI score 6.8, EPSS 0.00236
Exploits: 0

Friends Of PHP
added 2026/01/27 5:21 a.m., 5 views

Unsafe Deserialization in PHPT Code Coverage Handling

Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...

CVSS 7.8, AI score 6.7, EPSS 0.00236
Exploits: 0, Affected Software: 1

CNNVD
added 2026/01/27 12:0 a.m., 1 view

PHPUnit code issues and vulnerabilities

PHPUnit is a PHP unit testing framework developed by Sebastian Bergmann. There were code-related vulnerabilities in versions prior to PHPUnit 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52. These vulnerabilities stemmed from insecure deserialization of code coverage data during PHPUnit testing, whi...

CVSS 7.8, AI score 6.2, EPSS 0.00236
Exploits: 0, References: 7

Cvelist
added 2026/01/14 3:6 p.m., 24 views

CVE-2025-71115 um: init cpu_tasks[] earlier

In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finish_setup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in check_kcov_mode...

EPSS 0.00025
Exploits: 0, References: 2

OSV
added 2026/01/14 3:6 p.m., 1 view

CVE-2025-71115 um: init cpu_tasks[] earlier

In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finish_setup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in check_kcov_mode...

CVSS 5.5, AI score 6.4, EPSS 0.00025
Exploits: 0, References: 5

CVE
added 2026/01/14 3:6 p.m., 7 views

CVE-2025-71115

CVE-2025-71115 pertains to the Linux kernel where cpu_tasks[] is not initialized early enough, causing a NULL current in certain init paths (notably with KCOV enabled) and potential crashes. The available connected docs confirm the vulnerability arises from initializing cpu_tasks[] in uml_finishs...

CVSS 5.5, AI score 6.3, EPSS 0.00025
Exploits: 0, References: 2, Affected Software: 1

Github Security Blog
added 2025/12/29 10:1 p.m., 8 views

Bugs that survive the heat of continuous fuzzing

Even when a project has been intensively fuzzed for years, bugs can still survive. OSS-Fuzz is one of the most impactful security initiatives in open source. In collaboration with the OpenSSF Foundation, it has helped to find thousands of bugs in open-source software. Today, OSS-Fuzz fuzzes mor...

AI score 7.1, EPSS 0.01101
Exploits: 3

vulnersOsv
added 2025/12/10 6:30 p.m., 1 view

io.jenkins.plugins:autograding (=4.2.0), io.jenkins.plugins:code-coverage-api (=4.99.0) +2 more potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=1.10.0 <=2.2941.v08df75b_767f1)

io.jenkins.plugins:coverage MAVEN version =1.10.0, =-rc6.886d29ff0f4d, =67.v35d155a1ffdf, =79.v78d40e1fc27e Source cves: CVE-2025-67641 Source advisory: OSV:GHSA-V3F3-RF6R-43X5...

CVSS 8, AI score 5.8, EPSS 0.00024
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7128

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.5, EPSS 0.01368
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3596

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00155
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-5780

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00195
Exploits: 0, References: 5

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in php-code-coverage (npm)

The package php-code-coverage was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-29178 Malicious code in php-code-coverage (npm)

The package php-code-coverage was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

Fedora
added 2025/08/09 3:8 a.m., 3 views

[SECURITY] Fedora 41 Update: perl-Devel-Cover-1.44-6.fc41

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

AI score 7.6
Exploits: 0

Fedora
added 2025/08/07 12:54 a.m., 3 views

[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-6.fc42

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

AI score 7.6
Exploits: 0

Packet Storm News
added 2025/08/07 12:0 a.m., 1 view

Enhancing Software Vulnerability Detection through Adaptive Test Input Generation Using Genetic Algorithm

Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based method for test input generation that innovatively...

AI score 7.2
Exploits: 0