Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

534 matches found

Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.12 views

PT-2026-40293

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.8 views

PT-2026-40304

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.12 views

PT-2026-40281

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.13 views

PT-2026-40294

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.9 views

PT-2026-40278

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.11 views

PT-2026-40307

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.11 views

PT-2026-40298

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.14 views

PT-2026-40285

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.12 views

PT-2026-40302

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

9.8CVSS5.8AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.12 views

PT-2026-40297

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.11 views

PT-2026-40301

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/05/11 2:17 p.m.11 views

SUSE CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

8.6CVSS5.8AI score0.00337EPSS
Exploits0References13
SUSE CVE
SUSE CVEadded 2026/05/11 2:17 p.m.8 views

SUSE CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2026/05/11 2:17 p.m.10 views

SUSE CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7CVSS5.9AI score0.00241EPSS
Exploits0References13
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017556 advisory. In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root a...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References4
NVD
NVDadded 2026/05/10 6:16 a.m.22 views

CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS0.00269EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/10 6:16 a.m.10 views

CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References2
NVD
NVDadded 2026/05/10 5:16 a.m.29 views

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS0.0045EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/10 5:16 a.m.11 views

CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/10 4:43 a.m.7 views

CVE-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

6.3CVSS5.8AI score0.00269EPSS
Exploits0References1
Rows per page
Query Builder