Php

746 tracked vulnerabilities.

CVE-2026-24895 CRITICAL
FrankenPHP <1.11.2 - Code Injection
Feb 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24894 HIGH
FrankenPHP <1.11.2 - Info Disclosure
Feb 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-14180 HIGH
PHP <8.1.34, <8.2.30, <8.3.29, <8.4.16, <8.5.1 - Buffer Overflow
Dec 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-14178 MEDIUM
PHP <8.1.34, <8.2.30, <8.3.29, <8.4.16, <8.5.1 - Buffer Overflow
Dec 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14177 HIGH
Php < 8.1.34 - Out-of-Bounds Read
Dec 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1735 MEDIUM
Php < 8.1.33 - SQL Injection
Jul 13, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-1220 LOW
Php < 8.1.33 - SSRF
Jul 13, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-6491 MEDIUM
Php < 8.1.33 - NULL Pointer Dereference
Jul 13, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-11235 HIGH
Php < 8.3.19 - Use After Free
Apr 04, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-1861 CRITICAL
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 30, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1736 HIGH
Php < 8.1.32 - Improper Input Validation
Mar 30, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-1734 MEDIUM
Php < 8.1.32 - Improper Input Validation
Mar 30, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-1219 MEDIUM
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 30, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-1217 LOW
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 29, 2025
CVSS 3.1
EPSS 0.00
CVE-2022-31631 CRITICAL
PHP <8.0.27, <8.1.15, <8.2.2 - SQL Injection
Feb 12, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-11233 MEDIUM
Php < 8.1.31 - Out-of-Bounds Write
Nov 24, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-11236 CRITICAL
Php < 8.1.31 - Out-of-Bounds Write
Nov 24, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-11234 MEDIUM
Php < 8.1.31 - Injection
Nov 24, 2024
CVSS 4.8
EPSS 0.02
CVE-2024-8929 MEDIUM
Php < 8.1.31 - Information Disclosure
Nov 22, 2024
CVSS 5.8
EPSS 0.01
CVE-2024-8932 CRITICAL
Php < 8.1.31 - Out-of-Bounds Write
Nov 22, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-9026 LOW
PHP <8.1.30, <8.2.24, <8.3.12 - Info Disclosure
Oct 08, 2024
CVSS 3.3
EPSS 0.01
CVE-2024-8927 HIGH
PHP <8.1.30, 8.2.*<8.2.24, 8.3.*<8.3.12 - Code Injection
Oct 08, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8926 HIGH
Php < 8.1.30 - OS Command Injection
Oct 08, 2024
CVSS 8.1
EPSS 0.03
CVE-2024-8925 LOW
Php < 8.1.30 - HTTP Request Smuggling
Oct 08, 2024
CVSS 3.1
EPSS 0.02
CVE-2024-4577 CRITICALKEVNUCLEI
PHP CGI Argument Injection Remote Code Execution
Jun 09, 2024
CVSS 9.8
EPSS 0.94
Products
php 713 pear 5 archive_tar 4 php_script_index 2 pearweb 2 frankenphp 2 errordocs 1 ext-http 1 f1_maxs_file_uploader 1 imagick 1 memcached 1 mysql_banner_exchange 1 mysql_extension 1 pear_archive_tar 1 pecl_http 1 php_fi 1 phpsquidpass 1 xhprof 1 animated_smiley_generator 1 xml_rpc 1 ar_memberscript 1 blog_cms 1 bloq 1 com_extensions 1 directory_listing_script 1
Quick Filters
Critical CVEs With Exploits In CISA KEV