PHP Group
Products: PHP
40.6
Score
15
CVEs
1
Active
14
PoC
1
KEV
#64
Rank
Period:
Product:
| CVE ID | Published | CVSS | Exploit | KEV | AC | PR | Auto | Score(hover) | Affected Products | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-14177 | 2025-12-27 | 6.3v4.0 | POC | — | High | None | no | 0.0 | PHP | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs d |
| CVE-2025-14178 | 2025-12-27 | 6.5v3.1 | POC | — | High | None | no | 0.0 | PHP | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation |
| CVE-2025-14180 | 2025-12-27 | 8.2v4.0 | POC | — | High | None | no | 0.0 | PHP | In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting fu |
| CVE-2025-1220 | 2025-07-13 | 3.7v3.1 | POC | — | High | None | no | 0.0 | PHP | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus |
| CVE-2025-6491 | 2025-07-13 | 5.9v3.1 | POC | — | High | None | no | 0.0 | PHP | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server. |
| CVE-2024-11235 | 2025-04-04 | 9.2v4.0 | POC | — | High | None | no | 0.0 | PHP | In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the s |
| CVE-2025-1219 | 2025-03-30 | 6.3v4.0 | POC | — | High | None | no | 0.0 | PHP | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This ma |
| CVE-2025-1217 | 2025-03-29 | 6.3v4.0 | POC | — | High | None | no | 0.0 | PHP | In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME |
| CVE-2024-8925 | 2024-10-08 | 3.1v3.1 | POC | — | High | Low | no | 0.0 | PHP | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to |
| CVE-2024-2408 | 2024-06-09 | 5.9v3.1 | POC | — | High | None | no | 0.0 | PHP | The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkc |
| CVE-2024-4577 | 2024-06-09 | 9.8v3.1 | ACTIVE | Low | None | YES | 40.6 | PHP | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misint | |
| CVE-2024-5458 | 2024-06-09 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | PHP | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) |
| CVE-2024-5585 | 2024-06-09 | 7.7v3.1 | POC | — | High | None | no | 0.0 | PHP | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command |
| CVE-2024-1874 | 2024-04-29 | 9.4v3.1 | POC | — | Low | None | YES | 0.0 | PHP | In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary comman |
| CVE-2024-2757 | 2024-04-29 | 7.5v3.1 | POC | — | Low | None | no | 0.0 | PHP | In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. |
Each CVE: 10 pts base (Active only), boosted by:
KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3