OPENSUSE-SU-2026:10962-1 php8-8.5.7-1.1 on GA media

These are all security issues fixed in the php8-8.5.7-1.1 package on the GA media of openSUSE Tumbleweed...

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

CVE-2026-6722 vulnerabilities

Vulnerabilities for packages: php...

CVE-2026-7261 vulnerabilities

Vulnerabilities for packages: php...

CVE-2025-14179 vulnerabilities

Vulnerabilities for packages: php...

CVE-2026-7568 vulnerabilities

Vulnerabilities for packages: php...

CVE-2026-7262 vulnerabilities

Vulnerabilities for packages: php...

CVE-2026-6722 affecting package php for versions less than 8.3.31-1

CVE-2026-6722 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...

CVE-2026-7262 affecting package php for versions less than 8.3.31-1

CVE-2026-7262 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...

CVE-2026-7258 affecting package php for versions less than 8.3.31-1

CVE-2026-7258 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...

CVE-2026-7259 affecting package php for versions less than 8.3.31-1

CVE-2026-7259 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...

CVE-2026-7261 affecting package php for versions less than 8.3.31-1

CVE-2026-7261 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...

Cross-site Scripting (XSS)

Overview rhukster/dom-sanitizer is an a simple but effective DOM/SVG/MathML Sanitizer for PHP 7.4+. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the sanitize process. An attacker can cause the browser to send HTTP requests to attacker-controlled hosts, exfiltrat...

CVE-2026-25236

CVE-2026-25236 affects the PEAR PHP framework. The vulnerability is a SQL injection risk in karma queries caused by unsafe literal substitution for an IN (...) list. Root cause: unsafe literal handling in Karma DAMBLAN-related queries prior to version 1.33.0. Impact: potential SQL injection. Miti...

MiracleLinux 3 : php-5.1.6-44.0.1.AXS3 (AXSA:2014-322:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-322:02 advisory. PHP is an HTML-embedded scripting language that allows developers to write dynamically generated web pages. PHP is ideal for writing database-enabled...

MiracleLinux 4 : php-5.3.3-46.AXS4 (AXSA:2015-184:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-184:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

MiracleLinux 4 : php-5.3.3-40.AXS4 (AXSA:2014-701:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-701:04 advisory. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP al...

MiracleLinux 3 : php-5.1.6-23.2AXS3 (AXSA:2009-38:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-38:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

MiracleLinux 7 : php-5.4.16-48.0.6.el7.AXS7 (AXSA:2025-10014:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10014:03 advisory. CVE-2025-1217: fix handling of folded headers by the http stream parser CVE-2025-1734: fix validation of http headers with missing colon...

CVE-2025-14180 affecting package php for versions less than 8.1.34-1

CVE-2025-14180 affecting package php for versions less than 8.1.34-1. An upgraded version of the package is available that resolves this issue...