php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement

A flaw was found in PHP. When the PDO PHP Data Objects PostgreSQL driver is configured with PDO::ATTREMULATEPREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...

openSUSE 16 Security Update : php8 (openSUSE-SU-2026:20113-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20113-1 advisory. Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when...

php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement

A flaw was found in PHP. When the PDO PHP Data Objects PostgreSQL driver is configured with PDO::ATTREMULATEPREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...

OPENSUSE-SU-2026:20113-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...

php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement

A flaw was found in PHP. When the PDO PHP Data Objects PostgreSQL driver is configured with PDO::ATTREMULATEPREPARES enabled, a remote attacker can exploit a vulnerability by providing an invalid character sequence within a prepared statement parameter. This can cause a null pointer dereference,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000826)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000826 advisory. The emsysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to ga...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002707 advisory. The x86decodeinsn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service host OS...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002793)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002793 advisory. arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain...

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element cou...

BIT-PHP-MIN-2025-14180 NULL Pointer Dereference in PDO quoting

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

BIT-LIBPHP-2025-14180 NULL Pointer Dereference in PDO quoting

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

AZL-73234 CVE-2025-14180 affecting package php for versions less than 8.1.34-1

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

EUVD-2025-205486

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

EUVD-2025-179155

Malicious code in emulate-throw-root-meta-file npm...

EUVD-2025-178091

Malicious code in link-emulate-double-table-book npm...

EUVD-2025-179213

Malicious code in easy-emulate-try-psi-balance npm...

EUVD-2025-178654

Malicious code in grep-emulate-module-assert-chi npm...

EUVD-2025-177319

Malicious code in parse-array-slow-emulate-notify npm...

EUVD-2025-179746

Malicious code in chi-iota-decompress-sed-emulate npm...