Lucene search
K

534 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8877

Malicious code in bioql PyPI...

5.3CVSS7.1AI score0.01945EPSS
Exploits1References13
Gitee
Gitee
added 2025/09/06 2:15 a.m.81 views

php-saml

This is a PHP SAML toolkit for adding SAML support to PHP software. It is a library provided and supported by OneLogin Inc. The library is compatible with PHP versions greater than 7.1. The library includes features such as: Support for SAML 2.0 Support for SAML 1.1 Support for SAML 1.0 Support f...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-9026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through...

3.3CVSS6.7AI score0.00482EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-8932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescape function on 32-bit systems can cause a...

9.8CVSS6.9AI score0.01284EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-3247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for...

4.3CVSS6.8AI score0.00709EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-1734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers...

6.3CVSS6.2AI score0.00463EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-6491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML...

5.9CVSS7.2AI score0.00944EPSS
Exploits1References3
OSV
OSV
added 2025/08/11 1:54 p.m.4 views

BIT-LIBPHP-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

9.8CVSS7.3AI score0.0079EPSS
Exploits0References4
OSV
OSV
added 2025/08/11 1:53 p.m.5 views

BIT-LIBPHP-2023-3824 Buffer overflow and overread in phar_dir_read()

In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

9.8CVSS9.1AI score0.08003EPSS
Exploits3References5
OSV
OSV
added 2025/08/11 1:53 p.m.5 views

BIT-LIBPHP-2022-31626 mysqlnd/pdo password buffer overflow

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

8.8CVSS8.7AI score0.5838EPSS
Exploits2References8
OSV
OSV
added 2025/08/11 1:53 p.m.8 views

BIT-LIBPHP-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

5.3CVSS7.1AI score0.25951EPSS
Exploits1References6
OSV
OSV
added 2025/08/11 1:53 p.m.3 views

BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

5.9CVSS7.2AI score0.01724EPSS
Exploits1References7
OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPHP-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

5.3CVSS7.3AI score0.02983EPSS
Exploits1References8
OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPHP-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.5CVSS7.2AI score0.01599EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-1220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname...

5.3CVSS6.2AI score0.00514EPSS
Exploits1References3
OSV
OSV
added 2025/07/16 8:19 a.m.6 views

BIT-PHP-MIN-2025-1220 Null byte termination in hostnames

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3CVSS6.4AI score0.00514EPSS
Exploits1References4
OSV
OSV
added 2025/07/16 8:19 a.m.5 views

BIT-PHP-2025-1220 Null byte termination in hostnames

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3CVSS6.4AI score0.00514EPSS
Exploits1References4
CVE
CVE
added 2025/07/13 10:27 p.m.122 views

CVE-2025-1735

CVE-2025-1735 affects PHP pgsql and pdo_pgsql escaping functions across PHP 8.1–8.4 that do not check errors from underlying quoting functions, potentially causing crashes if the Postgres server rejects input. Affected: PHP 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.*. Roo...

7.5CVSS9.4AI score0.00953EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/07/13 10:18 p.m.10 views

CVE-2025-1220 Null byte termination in hostnames

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

3.7CVSS0.00514EPSS
Exploits1References1
CVE
CVE
added 2025/07/13 10:18 p.m.159 views

CVE-2025-1220

CVE-2025-1220 (PHP Hostname Null Character Vulnerability) affects PHP 8.1.x/8.2.x/8.3.x/8.4.x prior to patched releases. Public advisories (ALSA 2026-1409, Astra Linux, ALAS2023-2025-1087/1088/1113, etc.) indicate the issue arises from fsockopen/hostname handling and can affect access checks. Rem...

5.3CVSS6.5AI score0.00514EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder