CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

CVE-2025-53442

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Rentic rentic allows PHP Local File Inclusion.This issue affects Rentic: from n/a through = 1.1...

The vulnerability of the `php_html_entities` function in the PHP programming language allows attackers to trigger a service failure or potentially cause other adverse effects.

The vulnerability of the phphtmlentities function in the PHP programming language is caused by a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service failures or potentially other adverse effects...

The vulnerability of the PHP interpreter allows attackers to execute arbitrary code.

The vulnerability of the SPL library implementation in ext/spl/splarray.c of the PHP interpreter lies in the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted data...