654 matches found
RLSA-2025:7432 Moderate: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929); php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233); php: Configuring ...
RLSA-2025:4263 Moderate: php:8.1 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929); php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233); php: Configuring ...
php:8.2 security update
An update is available for php-pecl-zip, module.php-pecl-apcu, php-pecl-xdebug3, module.php, module.php-pecl-xdebug3, php-pecl-rrd, php, module.php-pecl-zip, php-pecl-apcu, module.php-pecl-rrd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
php:8.3 security update
An update is available for php-pecl-zip, module.php-pecl-apcu, php-pecl-xdebug3, module.php, php-pecl-redis6, module.php-pecl-xdebug3, php-pecl-rrd, php, module.php-pecl-zip, php-pecl-apcu, module.php-pecl-redis6, module.php-pecl-rrd. This update affects Rocky Linux 9. A Common Vulnerability...
php:8.1 security update
An update is available for php-pecl-zip, module.php-pecl-apcu, php-pecl-xdebug3, module.php, module.php-pecl-xdebug3, php-pecl-rrd, php, module.php-pecl-zip, php-pecl-apcu, module.php-pecl-rrd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
RLSA-2025:7418 Important: php:8.3 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217); php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736); php: Streams HTTP wrapper...
CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution
FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remo...
Ubuntu: Security Advisory (USN-7645-1)
The remote host is missing an update for the ...
CVE-2025-24779
CVE-2025-24779 concerns WordPress/Yogi: deserialization of untrusted data in NooTheme Yogi up to v2.9.0, enabling object injection. Descriptions across CNVD, Red Hat, NVD and PCI/Vuln sources indicate potential bypass of privilege authentication and access to restricted resources via deserializat...
CVE-2025-31422
Vulnerability: CVE-2025-31422 in designthemes Visual Art | Gallery WordPress Theme (
CVE-2025-1735
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
CVE-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
PT-2025-29378
Name of the Vulnerable Software and Affected Versions: Tanium Comply (affected versions not specified); PHP versions 8.8.4.10.1.1. Description: Tanium Comply had an issue with incorrect default permissions. A remote code execution issue exists in PHP version 8.8.4.10.1.1. Recommendations: At the moment,...
php8-8.4.10-1.1 on GA media (moderate)
php8-8.4.10-1.1 on GA media Announcement ID: openSUSE-SU-2025:15340-1 Rating: moderate Cross-References: CVE-2025-1220 CVE-2025-1735 CVE-2025-6491 CVSS scores: CVE-2025-1220 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2025-1220 SUSE : 9.1...
OESA-2025-1762 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
FreeBSD : php -- Multiple vulnerabilities (d607b12c-5821-11f0-ab92-f02f7497ecda)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d607b12c-5821-11f0-ab92-f02f7497ecda advisory. php.net reports: Tenable has extracted the preceding description block directly from the FreeB...
CVE-2025-30992 WordPress Puca theme <= 2.6.33 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion. This issue affects Puca: from n/a through <= 2.6.33...
CVE-2025-32298
CVE-2025-32298 concerns the WordPress CTUsers plugin (versions through 1.0.0). The vulnerability is an improper control of the filename used with include/require, i.e., a PHP Remote File Inclusion that enables PHP Local File Inclusion. The issue affects CTUsers up to 1.0.0 and is categorized with...
CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...
PT-2025-27123 · Unknown · Thembay Diza
Name of the Vulnerable Software and Affected Versions: thembay Diza versions 1.3.9 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This ...