php

756 tracked vulnerabilities.

CVE-2019-11035 CRITICAL
PHP 7.1.x < 7.1.28, 7.2.x < 7.2.17, 7.3.x < 7.3.4 - Out-of-bounds Read in EXIF Extension
Apr 18, 2019
CVSS 9.1
EPSS 0.03
CVE-2019-11034 CRITICAL
PHP 7.1.x < 7.1.28, 7.2.x < 7.2.17, 7.3.x < 7.3.4 - Out-of-bounds Read in EXIF Extension
Apr 18, 2019
CVSS 9.1
EPSS 0.03
CVE-2019-9675 HIGH
PHP <7.1.27, <7.3.3 - Buffer Overflow
Mar 11, 2019
CVSS 8.1
EPSS 0.00
CVE-2019-9641 CRITICAL
PHP <7.1.27-7.3.3 - Info Disclosure
Mar 09, 2019
CVSS 9.8
EPSS 0.52
CVE-2019-9640 HIGH
PHP <7.1.27-7.3.3 - Info Disclosure
Mar 09, 2019
CVSS 7.5
EPSS 0.16
CVE-2019-9639 HIGH
PHP <7.1.27-7.3.3 - Uninitialized Read
Mar 09, 2019
CVSS 7.5
EPSS 0.15
CVE-2019-9638 HIGH
PHP <7.1.27, <7.2.16, <7.3.3 - Info Disclosure
Mar 09, 2019
CVSS 7.5
EPSS 0.16
CVE-2019-9637 HIGH
PHP <7.1.27-7.2.16-7.3.3 - Info Disclosure
Mar 09, 2019
CVSS 7.5
EPSS 0.10
CVE-2019-9025 CRITICAL
PHP 7.3.0 - Out-of-bounds Read via mb_split() Multibyte String Handling
Feb 22, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-9024 HIGH
PHP < 5.6.40 - Out-of-bounds Read in xmlrpc_decode()
Feb 22, 2019
CVSS 7.5
EPSS 0.14
CVE-2019-9023 CRITICAL
PHP < 5.6.40 - Out-of-bounds Read in mbstring Regular Expression Functions
Feb 22, 2019
CVSS 9.8
EPSS 0.11
CVE-2019-9022 HIGH
PHP 7.x < 7.1.26, 7.2.x < 7.2.14, 7.3.x < 7.3.2 - Out-of-bounds Read in dns_get_record
Feb 22, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-9021 CRITICAL
PHP < 5.6.40 - Heap-Based Buffer Over-Read in PHAR File Name Parsing
Feb 22, 2019
CVSS 9.8
EPSS 0.25
CVE-2019-9020 CRITICAL
PHP < 5.6.40, 7.x < 7.1.26, 7.2.x < 7.2.14, 7.3.x < 7.3.1 - Out-of-bounds Read in xmlrpc_decode
Feb 22, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-6977 HIGH
GD Graphics Library <2.2.5 - Buffer Overflow
Jan 27, 2019
CVSS 8.8
EPSS 0.88
CVE-2018-20783 HIGH
PHP < 5.6.39 - Out-of-bounds Read in PHAR File Parsing
Feb 21, 2019
CVSS 7.5
EPSS 0.05
CVE-2018-1000888 HIGH
PEAR Archive_Tar <1.4.3 - Code Injection
Dec 28, 2018
CVSS 8.8
EPSS 0.29
CVE-2018-19935 HIGH
PHP 5.x and 7.x < 7.3.0 - Denial of Service via Empty String in imap_mail Function
Dec 07, 2018
CVSS 7.5
EPSS 0.24
CVE-2018-19520 HIGH
SDCMS 1.6 - Authenticated Remote Code Execution via preg_replace 'e' Call in Theme Management
Nov 25, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-19518 HIGH NUCLEI
University of Washington IMAP Toolkit 2007f - Command Injection
Nov 25, 2018
CVSS 7.5
EPSS 0.94
CVE-2018-19396 HIGH
PHP 5.0.0-7.1.24 - Denial of Service via Unserialize Call for com, dotnet, or variant Class
Nov 20, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-19395 HIGH
PHP 5.0.0-7.1.24 - Denial of Service via COM Object Serialization
Nov 20, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-17082 MEDIUM NUCLEI
PHP <5.6.38, <7.0.32, <7.1.22, <7.2.10 - XSS
Sep 16, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-15132 HIGH
PHP <5.6.37, <7.0.31, <7.1.20, <7.2.8 - Path Traversal
Aug 07, 2018
CVSS 7.5
EPSS 0.05
CVE-2018-14884 HIGH
PHP <7.0.27, <7.1.13, <7.2.1 - Info Disclosure
Aug 03, 2018
CVSS 7.5
EPSS 0.01
Products
php 723 pear 5 archive_tar 4 frankenphp 2 pearweb 2 php_script_index 2 animated_smiley_generator 1 ar_memberscript 1 blog_cms 1 bloq 1 com_extensions 1 directory_listing_script 1 errordocs 1 ext-http 1 f1_maxs_file_uploader 1 imagick 1 memcached 1 mysql_banner_exchange 1 mysql_extension 1 pear_archive_tar 1 pecl_http 1 php_fi 1 phpsquidpass 1 xhprof 1 xml_rpc 1
Quick Filters
Critical CVEs With Exploits In CISA KEV