9 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-7262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding...
Linux Distros Unpatched Vulnerability : CVE-2026-6735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005838)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005838 advisory. In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functio...
Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1352)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1352 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...
anti-xss
//: AUTO-GENERATED BY "PHP README Helper": base file - doc...
Unity Linux 20.1070e Security Update: php (UTSA-2025-984693)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984693 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from...
UBUNTU-CVE-2025-1220
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...
Fedora 39 : php-tcpdf (2024-0b2854c95b)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0b2854c95b advisory. Version 6.7.7 2024-10-26 - Update regular expression to avoid ReDoS CVE-2024-22641 - PHP 8.4 Fix: Curl CURLOPTBINARYTRANSFER deprecated 675 - SVG detection f...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...