Php group Latest Vulnerabilities

Use-After-Free Vulnerability in PHP Products by PHP Group

CVE-2024-11235

PHP GroupPHP9.2CRITICAL

Buffer Limit Vulnerability in PHP Affects Multiple Versions

CVE-2025-1861

PHP GroupPHP6.3MEDIUM

Insufficient Validation of User-Supplied Headers in PHP

CVE-2025-1736

PHP GroupPHP6.3MEDIUM

Invalid Header Handling Vulnerability in PHP Products

CVE-2025-1734

PHP GroupPHP6.3MEDIUM

Improper Content-Type Handling in PHP Affecting Multiple Versions

CVE-2025-1219

PHP GroupPHP👾📰6.3MEDIUM

Malformed HTTP Response Vulnerability in PHP Products

CVE-2025-1217

PHP GroupPHP6.3MEDIUM

SQL Injection Risk in PHP SQLite Driver for PHP Versions

CVE-2022-31631

PHP GroupPHP9.1CRITICAL

Buffer Overread Vulnerabilities in PHP Could Lead to Crashes or Memory Disclosure

CVE-2024-11233

PHP GroupPHP8.2HIGH

PHP Versions Before 8.3.14 Vulnerable to MySQL Server Attack

CVE-2024-8929

PHP GroupPHP5.8MEDIUM

Uncontrolled Long String Inputs Can Cause Integer Overflow and Out-of-Bounds Write in PHP

CVE-2024-8932

PHP GroupPHP9.8CRITICAL

Vulnerability in PHP-FPM Allow Remote Attackers to Manipulate Log Messages and Remove Up to 4 Characters

CVE-2024-9026

PHP GroupPHP3.3LOW

HTTP_REDIRECT_STATUS variable manipulation can lead to arbitrary file inclusion in PHP

CVE-2024-8927

PHP GroupPHP7.5HIGH

CVE-2024-4577 Vulnerability in PHP Could Allow Command Injection and Source Code Revelation

CVE-2024-8926

PHP GroupPHP8.8HIGH

Erroneous Parsing of Multipart Form Data in PHP Could Lead to Data Tampering

CVE-2024-8925

PHP GroupPHP5.3MEDIUM

OpenSSL Private Decrypt Vulnerability

CVE-2024-2408

PHP GroupPHP5.9MEDIUM

PHP CGI Module Vulnerability Allows Malicious User to Reveal Source Code and Run Arbitrary PHP Code on Server

CVE-2024-4577

PHP GroupPHP🥇📈💰👾🟡EPSS 94%🦅📰9.8CRITICAL

PHP Versions Before 8.3.8 Vulnerable to URL Filtering Error

CVE-2024-5458

PHP GroupPHP5.3MEDIUM

Trailing spaces in command names can lead to arbitrary command execution in PHP

CVE-2024-5585

PHP GroupPHP7.7HIGH

Arbitrary Command Execution Vulnerability in PHP Proc Open Function

CVE-2024-1874

PHP GroupPHP👾🟡EPSS 54%📰9.4CRITICAL

Network and Same-Site Attackers Can Set Insecure Cookies in Victim's Browser

CVE-2024-2756

PHP GroupPHP📰6.5MEDIUM

Endless Loop in mb_encode_mimeheader Function Could Lead to DoS Attack

CVE-2024-2757

PHP GroupPHP7.5HIGH

Blank Password String Can Trigger False Positive Matches in PHP password_verify()

CVE-2024-3096

PHP GroupPHP💰👾📰6.5MEDIUM

Security issue with external entity loading in XML without enabling it

CVE-2023-3823

PHP GroupPHP👾📰7.5HIGH

Stack Buffer Overflow in PHP Phar File Loading Could Lead to Memory Corruption or RCE

CVE-2023-3824

PHP GroupPHP🥇📈👾🟡EPSS 16%📰9.8CRITICAL

Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

CVE-2023-3247

PHP GroupPHP2.6LOW

php group Latest Vulnerabilities

Vulnerability Published:

Sort By:

4 April 2025

Use-After-Free Vulnerability in PHP Products by PHP Group

30 March 2025

Buffer Limit Vulnerability in PHP Affects Multiple Versions

Insufficient Validation of User-Supplied Headers in PHP

Invalid Header Handling Vulnerability in PHP Products

Improper Content-Type Handling in PHP Affecting Multiple Versions

29 March 2025

Malformed HTTP Response Vulnerability in PHP Products

12 February 2025

SQL Injection Risk in PHP SQLite Driver for PHP Versions

24 November 2024

Buffer Overread Vulnerabilities in PHP Could Lead to Crashes or Memory Disclosure

22 November 2024

PHP Versions Before 8.3.14 Vulnerable to MySQL Server Attack

Uncontrolled Long String Inputs Can Cause Integer Overflow and Out-of-Bounds Write in PHP

8 October 2024

Vulnerability in PHP-FPM Allow Remote Attackers to Manipulate Log Messages and Remove Up to 4 Characters

HTTP_REDIRECT_STATUS variable manipulation can lead to arbitrary file inclusion in PHP

CVE-2024-4577 Vulnerability in PHP Could Allow Command Injection and Source Code Revelation

Erroneous Parsing of Multipart Form Data in PHP Could Lead to Data Tampering

9 June 2024

OpenSSL Private Decrypt Vulnerability

PHP CGI Module Vulnerability Allows Malicious User to Reveal Source Code and Run Arbitrary PHP Code on Server

PHP Versions Before 8.3.8 Vulnerable to URL Filtering Error

Trailing spaces in command names can lead to arbitrary command execution in PHP

29 April 2024

Arbitrary Command Execution Vulnerability in PHP Proc Open Function

Network and Same-Site Attackers Can Set Insecure Cookies in Victim's Browser

Endless Loop in mb_encode_mimeheader Function Could Lead to DoS Attack

Blank Password String Can Trigger False Positive Matches in PHP password_verify()

11 August 2023

Security issue with external entity loading in XML without enabling it

Stack Buffer Overflow in PHP Phar File Loading Could Lead to Memory Corruption or RCE

22 July 2023

Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP