php

756 tracked vulnerabilities.

CVE-2018-14883 HIGH
PHP <5.6.37, <7.0.31, <7.1.20, <7.2.8 - Memory Corruption
Aug 03, 2018
CVSS 7.5
EPSS 0.20
CVE-2018-14851 MEDIUM
PHP <5.6.37, <7.0.31, <7.1.20, <7.2.8 - DoS
Aug 02, 2018
CVSS 5.5
EPSS 0.00
CVE-2018-12882 CRITICAL
PHP 7.2.0-7.2.7 - Use-After-Free in exif_read_from_impl
Jun 26, 2018
CVSS 9.8
EPSS 0.05
CVE-2018-10549 HIGH
PHP < 5.6.36, 7.0.x < 7.0.30, 7.1.x < 7.1.17, 7.2.x < 7.2.5 - Out-of-bounds Read in exif_read_data
Apr 29, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-10548 HIGH
PHP < 5.6.36, 7.0.x < 7.0.30, 7.1.x < 7.1.17, 7.2.x < 7.2.5 - Denial of Service via LDAP DN Handling
Apr 29, 2018
CVSS 7.5
EPSS 0.53
CVE-2018-10547 MEDIUM
PHP <5.6.36, <7.0.30, <7.1.17, <7.2.5 - XSS
Apr 29, 2018
CVSS 6.1
EPSS 0.17
CVE-2018-10546 HIGH
PHP <5.6.36, <7.0.30, <7.1.17, <7.2.5 - Info Disclosure
Apr 29, 2018
CVSS 7.5
EPSS 0.65
CVE-2018-10545 MEDIUM
PHP < 5.6.35, 7.0.x < 7.0.29, 7.1.x < 7.1.16, 7.2.x < 7.2.4 - Sensitive Info Exposure via FPM
Apr 29, 2018
CVSS 4.7
EPSS 0.00
CVE-2018-7584 CRITICAL
PHP < 5.6.33, 7.0.x < 7.0.28, 7.1.x <= 7.1.14, 7.2.x <= 7.2.2 - Stack-Based Buffer Under-Read in HTTP Response Parsing
Mar 01, 2018
CVSS 9.8
EPSS 0.83
CVE-2018-5712 MEDIUM
PHP <5.6.33, <7.0.27, <7.1.13, <7.2.1 - XSS
Jan 16, 2018
CVSS 6.1
EPSS 0.89
CVE-2018-5711 MEDIUM
GD Graphics Library <7.2.1 - Buffer Overflow
Jan 16, 2018
CVSS 5.5
EPSS 0.10
CVE-2017-7189 HIGH
PHP 7.0.0-7.0.15 - Improper Input Validation in fsockopen Address Parsing
Jul 10, 2019
CVSS 7.5
EPSS 0.02
CVE-2017-9120 CRITICAL
PHP 7.0.0-7.1.5 - Denial of Service via Integer Overflow in mysqli_real_escape_string
Aug 02, 2018
CVSS 9.8
EPSS 0.02
CVE-2017-9118 HIGH
PHP 7.1.5 - Out-of-bounds Read via preg_replace
Aug 02, 2018
CVSS 7.5
EPSS 0.00
CVE-2017-16642 HIGH
PHP <5.6.32, 7.x <7.0.25, 7.1.x <7.1.11 - Info Disclosure
Nov 07, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-12934 HIGH
PHP 7.0.x < 7.0.21 and 7.1.x < 7.1.7 - Use-After-Free in Unserialization
Aug 18, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-12933 CRITICAL
PHP < 5.6.31, 7.0.x < 7.0.21, 7.1.x < 7.1.7 - Out-of-bounds Read in var_unserializer.re
Aug 18, 2017
CVSS 9.8
EPSS 0.13
CVE-2017-12932 CRITICAL
PHP 7.0.x-7.0.22 and 7.1.x-7.1.8 - Use-After-Free in Unserializer
Aug 18, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-7890 MEDIUM
PHP < 5.6.31 and 7.x < 7.1.7 - Information Disclosure via GIF Decoding Stack Leak
Aug 02, 2017
CVSS 6.5
EPSS 0.30
CVE-2017-11628 HIGH
PHP <5.6.31, 7.x <7.0.21, 7.1.x <7.1.7 - Buffer Overflow
Jul 25, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-11362 CRITICAL
PHP 7.x < 7.0.21 and 7.1.x < 7.1.7 - Stack-Based Buffer Overflow via Long Locale in msgfmt_parse_message
Jul 17, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-11147 CRITICAL
PHP < 5.6.30 and 7.x < 7.0.15 - Out-of-bounds Read in PHAR Archive Handler
Jul 10, 2017
CVSS 9.1
EPSS 0.04
CVE-2017-11145 HIGH
PHP < 5.6.31, 7.x < 7.0.21, 7.1.x < 7.1.7 - Information Disclosure via Date Extension timelib_meridian Parsing
Jul 10, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-11144 HIGH
PHP < 5.6.31, 7.x < 7.0.21, 7.1.x < 7.1.7 - Denial of Service via OpenSSL PEM Sealing
Jul 10, 2017
CVSS 7.5
EPSS 0.41
CVE-2017-11143 HIGH
PHP < 5.6.30 - Use-After-Free in WDDX Boolean Deserialization
Jul 10, 2017
CVSS 7.5
EPSS 0.10
Products
php 723 pear 5 archive_tar 4 frankenphp 2 pearweb 2 php_script_index 2 animated_smiley_generator 1 ar_memberscript 1 blog_cms 1 bloq 1 com_extensions 1 directory_listing_script 1 errordocs 1 ext-http 1 f1_maxs_file_uploader 1 imagick 1 memcached 1 mysql_banner_exchange 1 mysql_extension 1 pear_archive_tar 1 pecl_http 1 php_fi 1 phpsquidpass 1 xhprof 1 xml_rpc 1
Quick Filters
Critical CVEs With Exploits In CISA KEV