Lucene search
K

274 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.12 views

RHEL 9 : php:8.2 (RHSA-2026:1187)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1187 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

8.2CVSS6.2AI score0.00573EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

9.8CVSS7.8AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : php:8.1 (AXSA:2023-5806:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5806:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...

9.8CVSS7.9AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : php:8.0 (AXSA:2023-5146:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5146:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

9.8CVSS7.8AI score0.49336EPSS
Exploits6References6
SUSE Linux
SUSE Linux
added 2026/01/09 3:1 p.m.4 views

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element cou...

8.3CVSS7.4AI score0.00573EPSS
Exploits4References12
OSV
OSV
added 2026/01/09 3:1 p.m.2 views

SUSE-SU-2026:0086-1 Security update for php8

This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element...

8.2CVSS7.4AI score0.00573EPSS
Exploits4References7
OSV
OSV
added 2026/01/09 2:6 p.m.4 views

OESA-2026-1025 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS7.1AI score0.00573EPSS
Exploits4References4
OSV
OSV
added 2026/01/09 2:6 p.m.4 views

OESA-2026-1023 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS7.1AI score0.00573EPSS
Exploits4References4
OSV
OSV
added 2026/01/09 2:6 p.m.6 views

OESA-2026-1022 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS7.1AI score0.00573EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.5 views

openSUSE 15: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (SUSE-SU-2026:0071-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0071-1 advisory. Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk...

8.2CVSS7.2AI score0.00573EPSS
Exploits4References10
OSV
OSV
added 2026/01/08 1:22 p.m.3 views

SUSE-SU-2026:0071-1 Security update for php8

This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element...

8.2CVSS7.3AI score0.00573EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.10 views

PHP 8.5.x < 8.5.1 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

8.2CVSS7.6AI score0.00573EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.25 views

PHP 8.1.x < 8.1.34 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

8.2CVSS7.6AI score0.00573EPSS
Exploits4References5
OSV
OSV
added 2025/12/27 8:15 p.m.6 views

AZL-73234 CVE-2025-14180 affecting package php for versions less than 8.1.34-1

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS5.8AI score0.00573EPSS
Exploits2References1
OSV
OSV
added 2025/12/27 8:15 p.m.7 views

AZL-73201 CVE-2025-14180 affecting package php for versions less than 8.3.29-1

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS5.8AI score0.00573EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/12/27 7:21 p.m.3 views

CVE-2025-14180 NULL Pointer Dereference in PDO quoting

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS6AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2025/12/27 7:21 p.m.56 views

CVE-2025-14180

CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...

8.2CVSS6.5AI score0.00573EPSS
Exploits2References1Affected Software1
Rockylinux
Rockylinux
added 2025/12/27 9:4 a.m.22 views

php:7.4 security update

An update is available for module.php, module.php-pecl-xdebug, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, php-pear, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug, module.libzip, libzip. This update affects Rocky Linux 8. A Common Vulnerabili...

9.8CVSS8.3AI score0.49336EPSS
Exploits7
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.6 views

PHP 安全漏洞

PHP is a scripting language executed server-side by PHP Open Source. A security vulnerability exists in PHP versions prior to 8.1.34, 8.2.30, 8.3.29, 8.4.16, and 8.5.1, which stems from a null pointer dereference in the PDO PostgreSQL driver that could cause a crash...

8.2CVSS6AI score0.00573EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/12/27 12:0 a.m.5 views

RockyLinux 8 : php:7.4 (RLSA-2023:2903)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2903 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cooki...

9.8CVSS7.4AI score0.49336EPSS
Exploits7References13
Rows per page
Query Builder