CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

532 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в php8.1

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, and 8.5. before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting...

8.2CVSS7.2AI score0.00047EPSS

Exploits2References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в php7.3

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

5.5CVSS7.3AI score0.00014EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в php7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hashes end up in the password database, it may allow an application to accept any password for that entry as valid...

8.1CVSS6.7AI score0.00142EPSS

Exploits1References2

GithubExploit•added 2026/03/14 2:43 p.m.•107 views

Exploit for Out-of-bounds Read in Php

CVE-2022-31630 – Proof of Concept Exploit Peringatan: Kode ini...

7.1CVSS7.5AI score0.00046EPSS

Exploits3

Tenable Nessus•added 2026/03/02 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005380 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient...

7.3CVSS6AI score0.00546EPSS

Exploits0References3

Tenable Nessus•added 2026/03/01 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005378)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005378 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP...

9.8CVSS6AI score0.0103EPSS

Exploits0References3

NVD•added 2026/01/17 8:15 a.m.•2 views

CVE-2025-14478

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection XXE in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

7.5CVSS0.00137EPSS

Exploits0References4

OpenVAS•added 2026/01/15 12:0 a.m.•5 views

Ubuntu: Security Advisory (USN-7953-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6.8AI score0.00047EPSS

Exploits4References2

OSV•added 2026/01/09 2:6 p.m.•4 views

OESA-2026-1026 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS7.1AI score0.00025EPSS

Exploits3References3

OSV•added 2026/01/09 2:6 p.m.•1 views

OESA-2026-1022 php security update

8.2CVSS7.1AI score0.00047EPSS

Exploits4References4

OSV•added 2026/01/09 2:5 p.m.•2 views

OESA-2026-1020 php security update

8.2CVSS7.1AI score0.00025EPSS

Exploits3References3

OSV•added 2026/01/08 11:48 a.m.•3 views

BIT-PHP-2025-14178 Heap buffer overflow in array_merge()

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...

8.2CVSS7.5AI score0.00019EPSS

Exploits1References3

OSV•added 2026/01/08 11:48 a.m.•2 views

BIT-PHP-2025-14177 Information Leak of Memory in getimagesize

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...

7.5CVSS6.5AI score0.00025EPSS

Exploits3References2

OSV•added 2026/01/08 11:43 a.m.•2 views

BIT-LIBPHP-2025-14178 Heap buffer overflow in array_merge()

8.2CVSS7.5AI score0.00019EPSS

Exploits1References3

SUSE CVE•added 2025/12/28 12:30 a.m.•3 views

SUSE CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

5.9CVSS6.5AI score0.00047EPSS

Exploits2References12

OSV•added 2025/12/27 8:15 p.m.•1 views

AZL-73240 CVE-2025-14177 affecting package php for versions less than 8.1.34-1

7.5CVSS6AI score0.00025EPSS

Exploits3References1

OSV•added 2025/12/27 8:15 p.m.•1 views

CVE-2025-14177

7.5CVSS6.1AI score

Exploits0References1

OSV•added 2025/12/27 8:15 p.m.•0 views

AZL-73234 CVE-2025-14180 affecting package php for versions less than 8.1.34-1