CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedHat Linux•added 2025/09/11 12:0 p.m.•2 views

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

6.3CVSS5.7AI score0.00092EPSS

Exploits1References5

OSV•added 2025/04/14 11:39 a.m.•14 views

BIT-PHP-MIN-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

6.3CVSS6AI score0.00092EPSS

Exploits1References4

OSV•added 2025/04/14 11:39 a.m.•14 views

BIT-PHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

6.3CVSS6AI score0.00092EPSS

Exploits1References4

NVD•added 2025/03/30 6:15 a.m.•13 views

CVE-2025-1219

6.3CVSS0.00092EPSS

Exploits1References3

OSV•added 2025/03/30 6:15 a.m.•2 views

DEBIAN-CVE-2025-1219

6.3CVSS6.1AI score0.00092EPSS

Exploits1References1

OSV•added 2025/03/30 6:15 a.m.•2 views

AZL-59300 CVE-2025-1219 affecting package php for versions less than 8.1.32-1

5.3CVSS6.7AI score0.00092EPSS

Exploits1References1

OSV•added 2025/03/30 6:15 a.m.•2 views

AZL-59316 CVE-2025-1219 affecting package php for versions less than 8.3.19-1

5.3CVSS6.7AI score0.00092EPSS

Exploits1References1

Vulnrichment•added 2025/03/30 5:33 a.m.•10 views

CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

6.3CVSS6.4AI score0.00092EPSS

Exploits1References1

SUSE CVE•added 2025/03/16 2:49 a.m.•2 views

SUSE CVE-2025-1219

5.3CVSS6.2AI score0.00092EPSS

Exploits1References15

OSV•added 2024/06/07 9:15 p.m.•7 views

GHSA-4J9X-G4X8-VCMF ZendFramework potential XML eXternal Entity injection vectors

ZendFeedRss and ZendFeedAtom were found to contain potential XML eXternal Entity XXE vectors due to insecure usage of PHP's DOM extension. External entities could be specified by adding a specific DOCTYPE element to feeds; exploiting this vulnerability could coerce opening arbitrary files and/or...

7.5CVSS7.2AI score

Exploits0References3

Github Security Blog•added 2024/06/07 9:15 p.m.•10 views

ZendFramework potential XML eXternal Entity injection vectors

7.2AI score

Exploits0References3Affected Software1

RedHat Linux•added 2015/07/09 6:53 p.m.•2 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

7.5CVSS7.2AI score0.00675EPSS

Exploits0References4

RedHat Linux•added 2015/07/09 5:1 p.m.•2 views

php: missing null byte checks for paths in DOM and GD extensions

7.5CVSS7.2AI score0.00675EPSS

Exploits0References4

RedHat Linux•added 2015/06/25 8:31 a.m.•0 views

php: missing null byte checks for paths in DOM and GD extensions

7.5CVSS7.2AI score0.00675EPSS

Exploits0References4

Debian•added 2015/05/24 11:55 a.m.•23 views

[SECURITY] [DSA 3265-2] zendframework regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3265-2 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 24, 2015 http://www.debian.org/security/faq -...

9.8CVSS9.2AI score0.03436EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by