CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS5.7AI score0.00021EPSS

Exploits0References5

RedHat Linux•added 3 days ago•6 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

7.5CVSS5.7AI score0.00021EPSS

Exploits0References5

RedHat Linux•added 4 days ago•10 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

7.5CVSS5.7AI score0.00021EPSS

Exploits0References5

RedHat Linux•added 4 days ago•9 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

7.5CVSS5.7AI score0.00021EPSS

Exploits0References5

RedHat Linux•added 4 days ago•12 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

7.5CVSS5.7AI score0.00021EPSS

Exploits0References5

OSV•added 2026/05/27 1:18 p.m.•3 views

CLSA-2026-1779887887 Fix CVE(s): CVE-2026-7258

SECURITY UPDATE: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - debian/patches/CVE-2026-7258.patch: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-7258...

7.5CVSS5.8AI score0.00021EPSS

Exploits0References1

Tenable Nessus•added 2026/05/27 12:0 a.m.•6 views

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-011 (ALASPHP8.2-2026-011)

The version of php installed on the remote host is prior to 8.2.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2026-011 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's...

9.8CVSS6.4AI score0.00369EPSS

Exploits1References16

OSV•added 2026/05/20 2:8 p.m.•6 views

CLSA-2026-1779121308 php: Fix of 3 CVEs

CVE-2026-7258: fix signed-char passing to ctype.h functions in urldecode and url parsing GHSA-m8rr-4c36-8gq4 - CVE-2026-7262: fix NULL check in tozvalmap using wrong variable xmlKey instead of xmlValue, causing crash in SOAP typemap decoding GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer...

7.5CVSS5.9AI score0.00123EPSS

Exploits0References1

OSV•added 2026/05/19 3:21 p.m.•2 views

CLSA-2026-1779204107 php: Fix of 6 CVEs

CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer overflow of char array offset in metaphone GHSA-96wq-48vp-hh57 - CVE-2026-7261:...

9.8CVSS5.9AI score0.00369EPSS

Exploits0References1

RedhatCVE•added 2026/05/15 4:13 p.m.•6 views

CVE-2026-7258

7.5CVSS5.6AI score0.00021EPSS

Exploits0References4

OSV•added 2026/05/12 8:56 a.m.•3 views

BIT-PHP-MIN-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00021EPSS

Exploits0References2

OSV•added 2026/05/12 8:56 a.m.•4 views

BIT-PHP-2026-7258 Out-of-bounds read in urldecode() on NetBSD

7.5CVSS5.8AI score0.00021EPSS

Exploits0References2

OSV•added 2026/05/12 8:50 a.m.•3 views

BIT-LIBPHP-2026-7258 Out-of-bounds read in urldecode() on NetBSD

7.5CVSS5.8AI score0.00021EPSS

Exploits0References2