CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15, and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server may return malformed XML data as a response. This could cause PHP to access a null pointer, resulting in a crash...

7.5CVSS7AI score0.03093EPSS

Exploits0References2

Tenable Nessus•added 2026/05/27 12:0 a.m.•10 views

Amazon Linux 2 : php, --advisory ALAS2-2026-3316 (ALAS-2026-3316)

The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3316 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object...

9.8CVSS6.1AI score0.00505EPSS

Exploits0References4

Amazon•added 2026/05/26 12:0 a.m.•10 views

Important: php

Issue Overview: In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains...

9.8CVSS6.1AI score0.00505EPSS

Exploits0

Amazon•added 2026/05/26 12:0 a.m.•12 views

Important: php8.3

9.8CVSS6.4AI score0.00505EPSS

Exploits1

Amazon•added 2026/05/26 12:0 a.m.•8 views

Important: php8.2

9.8CVSS6.4AI score0.00505EPSS

Exploits1

Tenable Nessus•added 2026/05/18 12:0 a.m.•8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021483 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointer...

9.8CVSS6.1AI score0.00505EPSS

Exploits0References4

OSV•added 2026/05/15 2:3 p.m.•9 views

OESA-2026-2344 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.5AI score0.00505EPSS

Exploits1References9

OSV•added 2026/05/15 2:3 p.m.•12 views

OESA-2026-2342 php security update

9.8CVSS6.4AI score0.00505EPSS

Exploits1References9

OSV•added 2026/05/12 8:56 a.m.•12 views

BIT-PHP-MIN-2026-6722 Use-After-Free in SOAP using Apache map

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00505EPSS

Exploits0References2

OSV•added 2026/05/12 8:56 a.m.•6 views

BIT-PHP-2026-6722 Use-After-Free in SOAP using Apache map

9.8CVSS6.1AI score0.00505EPSS

Exploits0References2

OSV•added 2026/05/12 8:50 a.m.•24 views

BIT-LIBPHP-2026-6722 Use-After-Free in SOAP using Apache map

9.8CVSS6.1AI score0.00505EPSS

Exploits0References2