php
756 tracked vulnerabilities.
CVE-2022-37454
CRITICAL
Keccak XKCP SHA-3 Reference Implementation - Integer Overflow and Buffer Overflow in Sponge Function Interface
Oct 21, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-31629
MEDIUM
PHP <7.4.31, 8.0.24, 8.1.11 - Info Disclosure
Sep 28, 2022
CVSS 6.5
EPSS 0.15
CVE-2022-31628
LOW
PHP <7.4.31, 8.0.24, 8.1.11 - Use After Free
Sep 28, 2022
CVSS 2.3
EPSS 0.00
CVE-2022-31627
HIGH
PHP 8.1.0-8.1.7 - Use-After-Free in fileinfo Functions
Jul 28, 2022
CVSS 7.7
EPSS 0.00
CVE-2022-31626
HIGH
PHP <7.4.30, <8.0.20, and <8.1.7 - Code Execution via pdo_mysql Buffer Overflow
Jun 16, 2022
CVSS 7.5
EPSS 0.10
CVE-2022-31625
HIGH
PHP <7.4.30-8.0.20-8.1.7 - Use After Free
Jun 16, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-27158
CRITICAL
PHP Pearweb < 1.32.0 - Insecure Deserialization
Apr 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-27157
CRITICAL
PHP Pearweb < 1.32.0 - Password Reset Weakness
Apr 15, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-26635
CRITICAL
PHP-Memcached <2.2.0 - Code Injection
Apr 05, 2022
CVSS 9.8
EPSS 0.08
CVE-2021-21708
HIGH
PHP 7.4.0-7.4.27 - Use-After-Free via FILTER_VALIDATE_FLOAT with Min/Max Limits
Feb 27, 2022
CVSS 8.2
EPSS 0.00
CVE-2021-21707
MEDIUM
PHP <7.3.33, 7.4.26, 8.0.13 - Info Disclosure
Nov 29, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-21703
HIGH
PHP 7.3.x<=7.3.31 7.4.x<7.4.25 8.0.x<8.0.12 - Privilege Escalation via FPM Shared Memory
Oct 25, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-21706
MEDIUM
PHP 7.3.0-7.3.30 - Path Traversal and Arbitrary File Write via ZipArchive::extractTo
Oct 04, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-21705
MEDIUM
PHP 7.3.0-7.3.28 - Improper Input Validation in filter_var URL Validation
Oct 04, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21704
MEDIUM
PHP 7.3.0-7.3.28 - Denial of Service via Firebird PDO Driver Response Parsing
Oct 04, 2021
CVSS 5.0
EPSS 0.00
CVE-2021-32610
HIGH
Archive_Tar < 1.4.14 - Directory Traversal via Symlink Extraction
Jul 30, 2021
CVSS 7.1
EPSS 0.03
CVE-2021-21702
MEDIUM
PHP 7.3.0-7.3.26 - Denial of Service via SOAP Extension Null Pointer Dereference
Feb 15, 2021
CVSS 5.3
EPSS 0.00
CVE-2020-7071
MEDIUM
PHP 7.3.0-7.3.25 - URL Validation Bypass via Invalid Password
Feb 15, 2021
CVSS 5.3
EPSS 0.07
CVE-2020-36193
HIGH
KEV
Archive_Tar < 1.4.11 - Path Traversal via Symbolic Link Handling
Jan 18, 2021
CVSS 7.5
EPSS 0.71
CVE-2020-28949
HIGH
KEV
Archive_Tar <1.4.10 - Code Injection
Nov 19, 2020
CVSS 7.8
EPSS 0.93
CVE-2020-28948
HIGH
Archive_Tar < 1.4.11 - Deserialization of Untrusted Data via PHAR Case Bypass
Nov 19, 2020
CVSS 7.8
EPSS 0.77
CVE-2020-7070
MEDIUM
PHP 7.2.0-7.2.33, 7.3.0-7.3.22, 7.4.0-7.4.10 - Cookie Prefix Confusion via URL Decoding
Oct 02, 2020
CVSS 4.3
EPSS 0.26
CVE-2020-7069
MEDIUM
PHP 7.2.0-7.2.33, 7.3.0-7.3.22, 7.4.0-7.4.10 - Inadequate Encryption Strength in AES-CCM Mode
Oct 02, 2020
CVSS 5.4
EPSS 0.08
CVE-2020-7068
MEDIUM
PHP 7.2.0-7.2.32, 7.3.0-7.3.20, 7.4.0-7.4.8 - Use-After-Free in PHAR File Processing
Sep 09, 2020
CVSS 4.8
EPSS 0.01
CVE-2020-7067
HIGH
PHP <7.2.30, <7.3.17, <7.4.5 - Memory Corruption
Apr 27, 2020
CVSS 7.5
EPSS 0.10
Products
php 723
pear 5
archive_tar 4
frankenphp 2
pearweb 2
php_script_index 2
animated_smiley_generator 1
ar_memberscript 1
blog_cms 1
bloq 1
com_extensions 1
directory_listing_script 1
errordocs 1
ext-http 1
f1_maxs_file_uploader 1
imagick 1
memcached 1
mysql_banner_exchange 1
mysql_extension 1
pear_archive_tar 1
pecl_http 1
php_fi 1
phpsquidpass 1
xhprof 1
xml_rpc 1