4 matches found
CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize function without restricting which classes can be instantiated, which leaves users vulnerable to...
CVE-2026-23524
Laravel Reverb (laravel/reverb) prior to v1.7.0 is exposed to Remote Code Execution when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true) because data from the Redis channel is deserialized with PHP unserialize() without class restrictions. Affected versions are v1.6.3 and below; vulne...