Linux Distros Unpatched Vulnerability : CVE-2026-41570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test executi...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

Linux Distros Unpatched Vulnerability : CVE-2026-24765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe...

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

USN-7171-1: PHPUnit vulnerability

It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this issue to achive remote code execution or obtain sensitive information...

Ubuntu 16.04 LTS : PHPUnit vulnerability (USN-7171-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7171-1 advisory. It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this issue to achive remote code...

Exploit for Code Injection in Phpunit_Project Phpunit

VulnerabilityScanner for PHPUnit RCE A specialized vulne...

GHSA-C5X3-GQ36-PRRP PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

PT-2017-4155

Name of the Vulnerable Software and Affected Versions PHPUnit versions 4.8.19 through 4.8.27 PHPUnit versions 5.x before 5.6.3 Description The issue is related to the Util/PHP/eval-stdin.php component in PHPUnit, which allows remote attackers to execute arbitrary PHP code via HTTP POST data...