| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-1220 | Null byte termination in hostnames | PHP Group | PHP | Low | 3.7 | 2025-07-13 22:18:37 | Deep Dive |
| CVE-2025-6491 | NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix | PHP Group | PHP | Medium | 5.9 | 2025-07-13 22:10:16 | Deep Dive |
| CVE-2025-7435 | LiveHelperChat lhc-php-resque Extension List list cross site scripting | LiveHelperChat | lhc-php-resque Extension | Low | 3.5 | 2025-07-11 02:02:08 | Deep Dive |
| CVE-2025-48951 | Auth0-PHP SDK Deserialization of Untrusted Data vulnerability | auth0 | auth0-PHP | - | - | 2025-06-03 20:52:35 | Deep Dive |
| CVE-2025-5369 | SourceCodester PHP Display Username After Login login.php sql injection | SourceCodester | PHP Display Username After Login | High | 7.3 | 2025-05-31 05:00:08 | Deep Dive |
| CVE-2025-48883 | Chrome PHP is missing encoding in `CssSelector` | chrome-php | chrome | - | - | 2025-05-30 18:47:43 | Deep Dive |
| CVE-2025-5128 | ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection | ScriptAndTools | Real-Estate-website-in-PHP | High | 7.3 | 2025-05-24 16:00:13 | Deep Dive |
| CVE-2025-48112 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | karimmughal | Dot html,php,xml etc pages | High | 7.1 | 2025-05-16 15:45:06 | Deep Dive |
| CVE-2025-47275 | Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK | auth0 | auth0-PHP | Critical | 9.1 | 2025-05-15 21:13:01 | Deep Dive |
| CVE-2025-3975 | ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure | ScriptAndTools | eCommerce-website-in-PHP | Medium | 5.3 | 2025-04-27 15:31:05 | Deep Dive |
| CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability | WPFactory | Custom CSS, JS & PHP | Critical | 9.6 | 2025-04-16 12:44:16 | Deep Dive |
| CVE-2025-3557 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery | ScriptAndTools | eCommerce-website-in-PHP | Medium | 4.3 | 2025-04-14 08:00:12 | Deep Dive |
| CVE-2025-3556 | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication | ScriptAndTools | eCommerce-website-in-PHP | Low | 3.7 | 2025-04-14 07:31:05 | Deep Dive |
| CVE-2025-3555 | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication | ScriptAndTools | eCommerce-website-in-PHP | Low | 3.7 | 2025-04-14 07:00:11 | Deep Dive |
| CVE-2024-11235 | Reference counting in php_request_shutdown causes Use-After-Free | PHP Group | PHP | - | - | 2025-04-04 17:51:08 | Deep Dive |
| CVE-2025-1861 | Stream HTTP wrapper truncates redirect location to 1024 bytes | PHP Group | PHP | 中危 | - | 2025-03-30 05:57:58 | Deep Dive |
| CVE-2025-1736 | Stream HTTP wrapper header check might omit basic auth header | PHP Group | PHP | 中危 | - | 2025-03-30 05:49:15 | Deep Dive |
| CVE-2025-1734 | Streams HTTP wrapper does not fail for headers with invalid name and no colon | PHP Group | PHP | 中危 | - | 2025-03-30 05:43:36 | Deep Dive |
| CVE-2025-1219 | libxml streams use wrong content-type header when requesting a redirected resource | PHP Group | PHP | 中危 | - | 2025-03-30 05:33:14 | Deep Dive |
| CVE-2025-1217 | Header parser of http stream wrapper does not handle folded headers | PHP Group | PHP | 低危 | - | 2025-03-29 05:19:34 | Deep Dive |