21 matches found

Tenable Nessus
added 2026/05/07 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016501 advisory. In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer...

CVSS 8.2 | AI score 6.3 | EPSS 0.00728
Exploits: 1 | References: 4
Tenable Nessus
added 2026/03/06 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005838)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005838 advisory. In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functio...

CVSS 7.5 | AI score 5.8 | EPSS 0.00589
Exploits: 0 | References: 3
RedHat Linux
added 2026/01/27 7:37 p.m. | 4 views

Important: Red Hat Security Advisory: php:8.3 security update

An update for the php:8.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.2 | AI score 7.5 | EPSS 0.00047
Exploits: 4 | References: 4
Tenable Nessus
added 2026/01/27 12:0 a.m. | 3 views

RHEL 9 : php:8.3 (RHSA-2026:1429)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1429 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

CVSS 8.2 | AI score 6.2 | EPSS 0.00047
Exploits: 4 | References: 8
Tenable Nessus
added 2026/01/26 12:0 a.m. | 2 views

RHEL 9 : php:8.3 (RHSA-2026:1190)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1190 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

CVSS 8.2 | AI score 6.2 | EPSS 0.00047
Exploits: 2 | References: 6
Tenable Nessus
added 2025/12/20 12:0 a.m. | 2 views

Oracle Linux 9 : php:8.3 (ELSA-2025-23309)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23309 advisory. php 8.3.26-1 - rebase to 8.3.26 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 5.1.21-1 - update to 5.1.21 for PHP 8.1 2070040...

CVSS 7.5 | AI score 6.9 | EPSS 0.00772
Exploits: 2 | References: 4
Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: php (UTSA-2025-984693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984693 advisory. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from...

CVSS 6.3 | AI score 6.2 | EPSS 0.00213
Exploits: 1 | References: 3
OSV
added 2025/07/13 11:15 p.m. | 0 views

UBUNTU-CVE-2025-1220

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url treat the hostname in different way, thus openin...

CVSS 5.3 | AI score 6.4 | EPSS 0.00156
Exploits: 1 | References: 5
OSV
added 2025/05/14 10:6 a.m. | 7 views

RHSA-2025:7418 Red Hat Security Advisory: php:8.3 security update

Bulletin has no description...

CVSS 8.1 | AI score 6.4 | EPSS 0.0103
Exploits: 3 | References: 33
Tenable Nessus
added 2025/05/14 12:0 a.m. | 11 views

RHEL 9 : php:8.3 (RHSA-2025:7418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7418 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream...

CVSS 9.8 | AI score 6.4 | EPSS 0.0103
Exploits: 3 | References: 14
RedHat Linux
added 2025/05/13 1:59 p.m. | 8 views

Important: Red Hat Security Advisory: php:8.3 security update

An update for the php:8.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 6.3 | EPSS 0.0103
Exploits: 3 | References: 7
Tenable Nessus
added 2025/04/01 12:0 a.m. | 29 views

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-922)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-922 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version: This vulnerability is present only in PHP 8.3+. The PHP 8.2 and...

CVSS 9.8 | AI score 6.3 | EPSS 0.0103
Exploits: 3 | References: 14
OSV
added 2025/03/31 7:36 p.m. | 1 views

USN-7400-1 php7.4, php8.1, php8.3 vulnerabilities

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2024-11235 It was discovered that PHP incorrectly handled certain folded headers. An attacker could possibly use this issue to cause a crash or...

CVSS 9.8 | AI score 6.6 | EPSS 0.0103
Exploits: 3 | References: 7
CVE
added 2024/11/24 12:44 a.m. | 446 views

CVE-2024-11236

CVE-2024-11236 affects PHP versions with ldap_escape() on 32-bit systems where uncontrolled long inputs can overflow an integer, causing an out-of-bounds write. Affected are PHP 8.1.x before 8.1.31, 8.2.x before 8.2.26, and 8.3.x before 8.3.14. The issue is described in multiple sources, includin...

CVSS 9.8 | AI score 9.4 | EPSS 0.00443
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2024/09/03 12:0 a.m. | 42 views

openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0274-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0274-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when...

CVSS 9.1 | AI score 9.1 | EPSS 0.8819
Exploits: 26 | References: 31
Tenable Nessus
added 2024/09/03 12:0 a.m. | 22 views

openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2024:0276-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0276-1 advisory. - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when...

CVSS 9.1 | AI score 9.1 | EPSS 0.8819
Exploits: 26 | References: 31
OSV
added 2024/09/02 8:9 a.m. | 18 views

OPENSUSE-SU-2024:0274-1 Security update for cacti, cacti-spine

This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: CVE-2024-34340: Authentication Bypass when using older password hashes boo1224240 CVE-2024-25641: RCE vulnerability when importing packages boo1224229 CVE-2024-31459: RCE vulnerability when plugins include files...

CVSS 9.1 | AI score 7.9 | EPSS 0.8819
Exploits: 26 | References: 21
GithubExploit
added 2024/06/07 9:52 a.m. | 786 views

Exploit for OS Command Injection in Php

CVE-2024-4577 A Proof of Concept developed by @watchTowrhtt...

CVSS 9.8 | AI score 8.2 | EPSS 0.94393
Exploits: 64
OSV
added 2024/04/29 4:15 a.m. | 26 views

CVE-2024-2757

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 4
CVE
added 2024/04/29 3:49 a.m. | 142 views

CVE-2024-2757

This CVE affects PHP mb_encode_mimeheader() in PHP 8.3.* before 8.3.5, where inputs with long non-space sequences followed by a space can cause the function to run endlessly, leading to potential DoS. The issue is confirmed in multiple sources within the connected documents, which also note a hig...

CVSS 7.5 | AI score 7.7 | EPSS 0.00625
Exploits: 1 | References: 4 | Affected Software: 1