php

756 tracked vulnerabilities.

CVE-2016-1904 HIGH
PHP 7.x < 7.0.2 - Denial of Service via Heap-Based Buffer Overflow in exec.c
Jan 19, 2016
CVSS 7.3
EPSS 0.00
CVE-2016-1903 CRITICAL
PHP < 5.5.31, < 5.6.17, < 7.0.2 - Info Disclosure/DoS
Jan 19, 2016
CVSS 9.1
EPSS 0.09
CVE-2016-1283 CRITICAL
PCRE 8.38 - Heap-Based Buffer Overflow
Jan 03, 2016
CVSS 9.8
EPSS 0.03
CVE-2015-2326 MEDIUM
PCRE < 8.37 - Denial of Service via Incorrect Regular Expression Compilation
Jan 14, 2020
CVSS 5.5
EPSS 0.01
CVE-2015-2325 HIGH
PCRE < 8.37 - Out-of-bounds Read via Repeated Forward Reference in Regular Expression
Jan 14, 2020
CVSS 7.8
EPSS 0.00
CVE-2015-9253 MEDIUM
PHP < 7.1.20 - Uncontrolled Resource Consumption via Non-Blocking STDIN Stream
Feb 19, 2018
CVSS 6.5
EPSS 0.03
CVE-2015-8994 HIGH
PHP 5.0.0-5.6.28 - Unauthenticated Script Execution via OpCache Shared Memory
Mar 02, 2017
CVSS 7.5
EPSS 0.01
CVE-2015-8935 MEDIUM
PHP < 5.4.38 - Cross-Site Scripting via Header Function Line Folding
Aug 07, 2016
CVSS 6.1
EPSS 0.01
CVE-2015-8880 CRITICAL
PHP 7.x - Double Free in Format Printer
May 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2015-8879 HIGH
PHP < 5.5.38 - Denial of Service via odbc_bindcols SQL_WVARCHAR Handling
May 22, 2016
CVSS 7.5
EPSS 0.02
CVE-2015-8878 MEDIUM
PHP 5.5.0-5.5.27 - Denial of Service via Race Condition in Temporary File Handling
May 22, 2016
CVSS 5.9
EPSS 0.00
CVE-2015-8877 HIGH
libgd < 2.1.1 - Denial of Service via gdImageScaleTwoPass Memory Allocation
May 22, 2016
CVSS 7.5
EPSS 0.02
CVE-2015-8876 CRITICAL
PHP 5.4.0-5.4.43 - Denial of Service via Crafted Serialized Exception Data
May 22, 2016
CVSS 9.8
EPSS 0.09
CVE-2015-8867 HIGH
PHP < 5.4.44 - Insecure Cryptographic Randomness via Deprecated RAND_pseudo_bytes
May 22, 2016
CVSS 7.5
EPSS 0.13
CVE-2015-8866 CRITICAL
PHP < 5.5.22 - XML External Entity Injection via libxml_disable_entity_loader Bypass
May 22, 2016
CVSS 9.6
EPSS 0.04
CVE-2015-8865 HIGH
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Buffer Overflow in Fileinfo Component
May 20, 2016
CVSS 7.3
EPSS 0.01
CVE-2015-8874 HIGH
openSUSE Leap < 5.6.11 - Memory Corruption
May 16, 2016
CVSS 7.5
EPSS 0.04
CVE-2015-8873 HIGH
PHP < 5.4.44 - Denial of Service via Recursive Method Calls
May 16, 2016
CVSS 7.5
EPSS 0.03
CVE-2015-8838 MEDIUM
PHP < 5.4.43, 5.5.x < 5.5.27, 5.6.x < 5.6.11 - Cleartext Downgrade Attack via MySQLnd SSL Option
May 16, 2016
CVSS 5.9
EPSS 0.01
CVE-2015-8835 CRITICAL
PHP < 5.4.44, 5.5.x < 5.5.28, 5.6.x < 5.6.12 - Denial of Service via SoapClient _cookies Array Deserialization
May 16, 2016
CVSS 9.8
EPSS 0.04
CVE-2015-6838 HIGH
PHP < 5.4.45, 5.5.x < 5.5.29, 5.6.x < 5.6.13 - Denial of Service via NULL Pointer Dereference in xsl_ext_function_php
May 16, 2016
CVSS 7.5
EPSS 0.04
CVE-2015-6837 HIGH
PHP < 5.4.45, 5.5.x < 5.5.29, 5.6.x < 5.6.13 - Denial of Service via NULL Pointer Dereference in xsl_ext_function_php
May 16, 2016
CVSS 7.5
EPSS 0.04
CVE-2015-6835 CRITICAL
Joomla HTTP Header Unauthenticated Remote Code Execution
May 16, 2016
CVSS 9.8
EPSS 0.23
CVE-2015-6834 CRITICAL
PHP < 5.4.45 - Remote Code Execution via Unserialization Use-After-Free
May 16, 2016
CVSS 9.8
EPSS 0.38
CVE-2015-5589 CRITICAL
PHP < 5.4.43, 5.5.x < 5.5.27, 5.6.x < 5.6.11 - DoS
May 16, 2016
CVSS 9.8
EPSS 0.10