537 matches found
PHP 8.4.x < 8.4.23
The version of PHP installed on the remote host is prior to 8.4.23. It is, therefore, affected by a vulnerability as referenced in the Version 8.4.23 advisory. - In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementatio...
SUSE CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
CVE-2026-8705
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
TencentOS Server 4: php (TSSA-2026:0342)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0342 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Important: php
Issue Overview: In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains...
Astra Linux – Vulnerability in PHP 7.3
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hashes end up in the password database, it may allow an application to accept any password for that entry as valid...
Astra Linux – Vulnerability in PHP 7.3, PHP 8.1
In PHP versions 8.1. before 8.1.30, and 8.2. before 8.2.24, as well as 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could result in legitimate data not being processed. This could allow malicious attackers to control a portion of the submitted dat...
Astra Linux – Vulnerability in PHP 8.1, PHP 7.3
In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, and 8.3. before 8.3.5, if a password stored using passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions before 7.4.31, 8.0.24, and 8.1.11, the phar uncompressor code would recursively uncompress “quines” gzip files, resulting in an infinite loop...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8, when using URL validation functionality via the filterVar function with the FILTERVALIDATEURL parameter, a URL with an invalid password field can be accepted as valid. This can cause the code to incorrectly parse the...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15, and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server may return malformed XML data as a response. This could cause PHP to access a null pointer, resulting in a crash...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdomysql extension with the mysqlnd driver is used, if the third-party provider is allowed to provide the host and the connection password, an excessively long password can trigger a buffer overflow in PHP,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021483)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021483 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointer...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021474)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021474 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process...
PT-2026-41550
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp abspath values to simp...
BIT-PHP-2026-6722 Use-After-Free in SOAP using Apache map
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
BIT-PHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
BIT-PHP-MIN-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...
BIT-PHP-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...