918 matches found
Zend Server <9.13 - Cross-Site Scripting
Zend Server before version 9.13 is vulnerable to cross-site scripting via the debughost parameter. id: CVE-2018-10230 info: name: Zend Server 9.13 - Cross-Site Scripting author: marcosiaf severity: medium description: | Zend Server before version 9.13 is vulnerable to cross-site scripting via the...
Laminas Project laminas-http - Remote Code Execution
Laminas Project laminas-http 2.14.2 and Zend Framework 3.0.0 contain a deserialization vulnerability caused by the __destruct method in Zend\Http\Response\Stream; attacker-controlled content can lead to remote code execution. Exploitation requires attacker-controlled serialized data. id: CVE-2021-3007...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements function, causi...
Magento's X-Original-Url header can expose admin url
Impact The admin url can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. Patches The bug comes from the Zend library and is patched by unsetting the header in the bootstrap process. Workarounds Unset the X-Original-Url header i...
GHSA-JG68-VHV3-9R8F Magento's X-Original-Url header can expose admin url
Impact The admin url can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. Patches The bug comes from the Zend library and is patched by unsetting the header in the bootstrap process. Workarounds Unset the X-Original-Url header i...
PT-2026-6440
Impact The admin url can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. Patches The bug comes from the Zend library. Workarounds Unset the X-Original-Url header in the web server configuration. Resources...
CLSA-2026-1769445556 php: Fix of CVE-2025-14178
CVE-2025-14178: fix heap buffer overflow in array_merge due to integer overflow in zend_hash_num_elements precomputation...
CLSA-2026-1768300005 php: Fix of CVE-2025-14178
CVE-2025-14178: fix integer overflow in the precomputation of element counts using zend_hash_num_elements...
CVE-2009-4417
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."...
CVE-2015-0270
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has a potential SQL injection in the PostgreSQL Zend\Db adapter...
EUVD-2020-21687
Malware in sbrugna...
EUVD-2007-1365
Malware in sbrugna...
EUVD-2006-4420
Malware in sbrugna...
EUVD-2015-8729
Malware in sbrugna...
EUVD-2006-4419
Malware in sbrugna...
EUVD-2006-5883
Malware in sbrugna...
EUVD-2006-5702
Malware in sbrugna...
EUVD-2018-2305
Malware in sbrugna...
EUVD-2014-4833
Malware in sbrugna...
EUVD-2011-1937
Malware in sbrugna...