
8 matches found

OSV
added 2026/05/12 8:56 a.m., 3 views

BIT-PHP-MIN-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

CVSS 7.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/06 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005265)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005265 advisory. In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge when t...

CVSS 8.2 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 3
OSV
added 2026/01/28 10:13 a.m., 3 views

RHSA-2026:1429 Red Hat Security Advisory: php:8.3 security update

Bulletin has no description...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits: 4 | References: 18
OSV
added 2025/12/27 8:15 p.m., 0 views

AZL-73198 CVE-2025-14178 affecting package php for versions less than 8.3.29-1

In PHP versions: 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of...

CVSS 8.2 | AI score 6.1 | EPSS 0.00019
Exploits: 1 | References: 1
OSV
added 2025/08/11 1:54 p.m., 1 views

BIT-LIBPHP-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

CVSS 7.5 | AI score 7.1 | EPSS 0.00625
Exploits: 1 | References: 5
SUSE CVE
added 2025/02/14 5:49 a.m., 2 views

SUSE CVE-2024-3096

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash starts with a null byte \x00, testing a blank string as the password via password_verify will incorrectly return true...

CVSS 4.8 | AI score 6.1 | EPSS 0.01069
Exploits: 1 | References: 12
SUSE CVE
added 2025/02/14 5:37 a.m., 1 views

SUSE CVE-2024-8927

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVSS 6.5 | AI score 6.8 | EPSS 0.00345
Exploits: 1 | References: 13
Debian CVE
added 2024/11/24 1:8 a.m., 16 views

CVE-2024-11233

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

CVSS 8.2 | AI score 6.1 | EPSS 0.00728
Exploits: 1