177 matches found

OSV
added 2026/05/22 1:8 p.m. | views: 1

CLSA-2025-1754342894 php: Fix of CVE-2025-6491

CVE-2025-6491: fix buffer overflow vulnerability...

CVSS 5.9 | AI score 7.1 | EPSS 0.00772
Exploits: 1 | References: 1
OSV
added 2026/05/05 12:0 a.m. | views: 1

OPENSUSE-SU-2026:10693-1 icinga-php-library-0.19.2-1.1 on GA media

These are all security issues fixed in the icinga-php-library-0.19.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.6 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | views: 5

PT-2026-37367

These are all security issues fixed in the icinga-php-library-0.19.2-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 2
Microsoft CVE
added 2026/04/23 8:11 a.m. | views: 3

Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

...

CVSS 7.1 | AI score 5.2 | EPSS 0.00031
Exploits: 0
OSV
added 2026/04/16 3:17 p.m. | views: 1

UBUNTU-CVE-2026-6409

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

CVSS 7.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/16 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2026-6409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages, specifically thos...

CVSS 7.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 3
NVD
added 2026/04/01 6:16 p.m. | views: 3

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

CVSS 9.8 | EPSS 0.00014
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/27 4:59 a.m. | views: 1

CVE-2026-33942

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...

CVSS 9.8 | AI score 6.6 | EPSS 0.00226
Exploits: 0 | References: 1
NVD
added 2026/03/26 1:16 a.m. | views: 0

CVE-2026-33183

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a pat...

CVSS 9.3 | EPSS 0.00021
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/26 12:27 a.m. | views: 0

CVE-2026-33942 Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowed_classes = true. An attacker who can control the serialized...

CVSS 9.3 | AI score 6.5 | EPSS 0.00226
Exploits: 0 | References: 2
OSV
added 2026/03/25 9:2 p.m. | views: 4

GHSA-P2GH-CFQ4-4WJC Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Impact: A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
Patches...

CVSS 7.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/25 12:0 a.m. | views: 1

PT-2026-33338

Name of the Vulnerable Software and Affected Versions: Protobuf PHP versions prior to 5.34.0-RC1; Protobuf PHP versions prior to 4.33.6
Description: A Denial of Service (DoS) issue exists during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative...

CVSS 7.1 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 11
SUSE CVE
added 2026/03/24 12:24 a.m. | views: 3

SUSE CVE-2026-33204

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 3
OSV
added 2026/02/26 3:34 p.m. | views: 2

CLSA-2026-1772120065 php: Fix of CVE-2017-8923

CVE-2017-8923: fix integer overflow when concatenating strings...

CVSS 9.8 | AI score 6.8 | EPSS 0.04586
Exploits: 1 | References: 1
OSV
added 2026/01/29 11:38 a.m. | views: 2

CLSA-2026-1769686676 php: Fix of 2 CVEs

- CVE-2025-1220: add null byte validation and fix hostname formatting to prevent null byte truncation that could bypass hostname access checks
- CVE-2025-6491: fix NULL pointer dereference in PHP SOAP Extension via Large XML namespace prefix...

CVSS 5.9 | AI score 6.7 | EPSS 0.00772
Exploits: 2 | References: 1
OSV
added 2026/01/13 10:26 a.m. | views: 3

CLSA-2026-1768300005 php: Fix of CVE-2025-14178

CVE-2025-14178: fix integer overflow in the precomputation of element counts using zend_hash_num_elements...

CVSS 8.2 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 1
OPENSUSE Linux
added 2025/12/18 12:0 a.m. | views: 4

Security update for icinga-php-library, icingaweb2 (moderate)

openSUSE Security Update: Security update for icinga-php-library, icingaweb2
Announcement ID: openSUSE-SU-2025:0473-1
Rating: moderate
References:
Cross-References: CVE-2025-27404 CVE-2025-27405 CVE-2025-27609 CVE-2025-30164
CVSS scores: CVE-2025-27404 SUSE: 7.6...

CVSS 7.6 | AI score 5.8 | EPSS 0.00363
Exploits: 0
NVD
added 2025/12/17 9:15 p.m. | views: 2

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS 6 | EPSS 0.00017
Exploits: 0 | References: 3
OSV
added 2025/12/17 9:15 p.m. | views: 0

UBUNTU-CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS 6 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2007-4718

Malware in sbrugna...

CVSS 7.5 | AI score 6.3 | EPSS 0.08645
Exploits: 0 | References: 9