PHP

756 tracked vulnerabilities.

CVE-2026-7263 HIGH
DoS attack via DOMNode::C14N()
May 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6104 CRITICAL
Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
May 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-7568 HIGH
Signed integer overflow in metaphone()
May 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7262 HIGH
NULL pointer dereference in SOAP apache:Map decoder with missing <value>
May 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7261 CRITICAL
SoapServer session-persisted object use-after-free via SOAP header fault
May 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-7259 MEDIUM
Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
May 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-7258 HIGH
Out-of-bounds read in urldecode() on NetBSD
May 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6735 MEDIUM
XSS within PHP-FPM status endpoint
May 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-6722 CRITICAL
Use-After-Free in SOAP using Apache map
May 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24895 CRITICAL
FrankenPHP <1.11.2 - Code Injection
Feb 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24894 HIGH
FrankenPHP <1.11.2 - Info Disclosure
Feb 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-14179 CRITICAL
SQL injection in pdo_firebird via NUL bytes in quoted strings
May 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-14180 HIGH
PHP <8.1.34, <8.2.30, <8.3.29, <8.4.16, <8.5.1 - Buffer Overflow
Dec 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-14178 MEDIUM
PHP <8.1.34, <8.2.30, <8.3.29, <8.4.16, <8.5.1 - Buffer Overflow
Dec 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14177 HIGH
PHP 8.1.0-8.1.33, 8.2.0-8.2.29, 8.3.0-8.3.28, 8.4.0-8.4.15, 8.5.0 - Out-of-bounds Read in getimagesize()
Dec 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1735 MEDIUM
PHP 8.1.0-8.1.32 - Denial of Service via PostgreSQL Escaping Function Error Handling
Jul 13, 2025
CVSS 5.9
EPSS 0.01
CVE-2025-1220 LOW
PHP 8.1-8.4 fsockopen - Null Byte Hostname Validation Bypass
Jul 13, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-6491 MEDIUM
PHP 8.1.0-8.1.32 - Null Pointer Dereference in SOAP XML Namespace Prefix Parsing
Jul 13, 2025
CVSS 5.9
EPSS 0.01
CVE-2025-1861 CRITICAL
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 30, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1736 HIGH
PHP 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 - Improper Input Validation in Header Handling
Mar 30, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-1734 MEDIUM
PHP 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 - Improper Input Validation in HTTP Header Parsing
Mar 30, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-1219 MEDIUM
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 30, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-1217 LOW
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 29, 2025
CVSS 3.1
EPSS 0.00
CVE-2024-11235 HIGH
PHP 8.3.0-8.3.18 and 8.4.0-8.4.4 - Use-After-Free via __set Handler or ??= Operator
Apr 04, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-11233 MEDIUM
PHP 8.1.0-8.1.30 - Heap-based Buffer Overflow in convert.quoted-printable-decode Filter
Nov 24, 2024
CVSS 4.8
EPSS 0.01