93294 matches found
CVE-2026-6104
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-6104
CVE-2026-6104 affects PHP 8.4.x before 8.4.21 and 8.5.x before 8.5.6. When an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, code assumes that strncasecmp() returning 0 guarantees equal length, enabling an out-of-bounds read of glob...
EUVD-2026-28968
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-6722 Use-After-Free in SOAP using Apache map
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
CVE-2026-6722
CVE-2026-6722 describes a use-after-free in PHP’s SOAP extension object deduplication. In affected PHP versions (8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6), the global map stores object pointers without proper reference counting. If an apache:Map node c...
CVE-2026-6722
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
EUVD-2026-28969
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
CVE-2026-7259
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
CVE-2026-7259
CVE-2026-7259 describes a NULL pointer dereference in PHP due to a mismatch between Oniguruma and mbfl encoding lists, exploitable when user-controlled input influences the encoding passed to mb_regex_encoding(). The issue affects PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21,...
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
EUVD-2026-28970
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...
CVE-2026-7262
CVE-2026-7262 affects PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6. When a SOAP server uses a typemap, the decoding process checks the wrong variable for missing value elements, which can dereference a NULL pointer and crash the PHP SOAP server, causin...