php

756 tracked vulnerabilities.

CVE-2024-11236 CRITICAL
PHP 8.1.0-8.1.30 - Integer Overflow via ldap_escape() Long String Input
Nov 24, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-11234 MEDIUM
PHP 8.1.0-8.1.30 - HTTP Request Smuggling via Proxy Stream URI Sanitization Bypass
Nov 24, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-8929 MEDIUM
PHP 8.1.0-8.1.30 - Out-of-bounds Read via MySQL Client Heap Disclosure
Nov 22, 2024
CVSS 5.8
EPSS 0.01
CVE-2024-8932 CRITICAL
PHP 8.1.0-8.1.30, 8.2.0-8.2.25, 8.3.0-8.3.13 - Out-of-bounds Write via ldap_escape() Integer Overflow
Nov 22, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-9026 LOW
PHP <8.1.30, <8.2.24, <8.3.12 - Info Disclosure
Oct 08, 2024
CVSS 3.3
EPSS 0.01
CVE-2024-8927 HIGH
PHP <8.1.30, 8.2.*<8.2.24, 8.3.*<8.3.12 - Code Injection
Oct 08, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8926 HIGH
PHP 8.1.0-8.1.29 - OS Command Injection via Windows Codepage Configuration Bypass
Oct 08, 2024
CVSS 8.1
EPSS 0.03
CVE-2024-8925 LOW
PHP 8.1.0-8.1.29 - HTTP Request Smuggling via Multipart Form Data Parsing
Oct 08, 2024
CVSS 3.1
EPSS 0.02
CVE-2024-4577 CRITICAL KEVNUCLEI
PHP CGI Argument Injection Remote Code Execution
Jun 09, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-2408 MEDIUM
PHP >=8.1.0 <8.1.29 - Observable Discrepancy via OpenSSL PKCS1 Padding
Jun 09, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-5585 HIGH
PHP <8.1.29, 8.2.*<8.2.20, 8.3.*<8.3.8 - Command Injection
Jun 09, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-5458 MEDIUM
PHP 8.1.* < 8.1.29, 8.2.* < 8.2.20, 8.3.* < 8.3.8 - Insufficient Verification of Data Authenticity in URL Validation
Jun 09, 2024
CVSS 5.3
EPSS 0.04
CVE-2024-3096 MEDIUM
PHP 8.1.0-8.1.27, 8.2.0-8.2.17, 8.3.0-8.3.4 - Authentication Bypass via Null Byte Prefix in Hashed Password
Apr 29, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-2757 HIGH
PHP 8.3.0-8.3.4 - Denial of Service via mb_encode_mimeheader Function
Apr 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1874 CRITICAL
PHP <8.1.28, 8.2.*<8.2.18, 8.3.*<8.3.5 - Command Injection
Apr 29, 2024
CVSS 9.4
EPSS 0.69
CVE-2024-3566 CRITICAL
Windows - Command Injection
Apr 10, 2024
CVSS 9.8
EPSS 0.10
CVE-2023-3824 CRITICAL
PHP <8.0.30-8.2.8 - Buffer Overflow
Aug 11, 2023
CVSS 9.4
EPSS 0.29
CVE-2023-3823 HIGH
PHP <8.0.30, 8.1.*<8.1.22, 8.2.*<8.2.8 - Info Disclosure
Aug 11, 2023
CVSS 8.6
EPSS 0.01
CVE-2023-3247 LOW
PHP <8.0.29, <8.1.20, <8.2.7 - Info Disclosure
Jul 22, 2023
CVSS 2.6
EPSS 0.00
CVE-2023-0567 HIGH
PHP <8.0.28-8.1.16-8.2.3 - Info Disclosure
Mar 01, 2023
CVSS 7.7
EPSS 0.00
CVE-2023-0662 HIGH
PHP 8.0.0-8.0.27 - Denial of Service via HTTP Form Upload
Feb 16, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-0568 HIGH
PHP 8.0.X-8.2.X - Memory Corruption
Feb 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-31631 CRITICAL
PHP <8.0.27, <8.1.15, <8.2.2 - SQL Injection
Feb 12, 2025
CVSS 9.1
EPSS 0.01
CVE-2022-4900 MEDIUM
PHP < 8.0.22 - Heap Buffer Overflow via PHP_CLI_SERVER_WORKERS Environment Variable
Nov 02, 2023
CVSS 6.2
EPSS 0.00
CVE-2022-31630 MEDIUM
PHP <7.4.33, 8.0.25, 8.1.12 - Memory Corruption
Nov 14, 2022
CVSS 6.5
EPSS 0.00
Products
php 723 pear 5 archive_tar 4 frankenphp 2 pearweb 2 php_script_index 2 animated_smiley_generator 1 ar_memberscript 1 blog_cms 1 bloq 1 com_extensions 1 directory_listing_script 1 errordocs 1 ext-http 1 f1_maxs_file_uploader 1 imagick 1 memcached 1 mysql_banner_exchange 1 mysql_extension 1 pear_archive_tar 1 pecl_http 1 php_fi 1 phpsquidpass 1 xhprof 1 xml_rpc 1
Quick Filters
Critical CVEs With Exploits In CISA KEV