Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

93283 matches found

OSV
OSVadded 2026/05/12 8:55 a.m.9 views

BIT-PHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00436EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:55 a.m.12 views

BIT-PHP-MIN-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

9.8CVSS5.8AI score0.00261EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:55 a.m.7 views

BIT-PHP-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

9.8CVSS5.9AI score0.00261EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:50 a.m.9 views

BIT-LIBPHP-2026-7568 Signed integer overflow in metaphone()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:50 a.m.4 views

BIT-LIBPHP-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:50 a.m.5 views

BIT-LIBPHP-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References2
OSV
OSVadded 2026/05/12 8:50 a.m.24 views

BIT-LIBPHP-2026-6722 Use-After-Free in SOAP using Apache map

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:50 a.m.6 views

BIT-LIBPHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00436EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:50 a.m.4 views

BIT-LIBPHP-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

9.8CVSS5.9AI score0.00261EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2026/05/12 7:43 a.m.113 views

Exploit for CVE-2026-5718

CVE-2026-5718 Local Docker Lab Local-only vulnerable vs patch...

8.1CVSS6.2AI score0.04175EPSS
Exploits3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.12 views

PT-2026-40294

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.10 views

PT-2026-40307

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.7 views

PT-2026-40304

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.11 views

PT-2026-40293

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.10 views

PT-2026-40297

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.10 views

PT-2026-40301

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.10 views

PT-2026-40295

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.12 views

PT-2026-40296

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.9 views

PT-2026-40281

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.9 views

PT-2026-40280

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References3
Rows per page
Query Builder