目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

php 产品漏洞列表 / CVE 中文分析 91

php 产品相关 91 条漏洞,AI 中文标题与摘要、CVSS、POC 一站汇总。

本页面为PHP相关的漏洞信息聚合页,聚焦于该开源脚本语言在不同版本中存在的安全缺陷与潜在风险。收录内容涵盖远程代码执行、反序列化漏洞及配置不当等常见弱点,时间范围覆盖从PHP早期版本至最新稳定版的历史数据。读者可借此追踪PHP官方及主流分发版的安全公告,深入了解各类已知弱点的技术细节,并检索特定历史版本的安全状况以辅助升级决策或风险评估。

ベンダー: PHP

CVE IDタイトルCVSS深刻度公開日
CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD CWE-122 5.6 Medium2026-07-03
CVE-2026-7263 DoS attack via DOMNode::C14N() CWE-404 7.5 -2026-05-10
CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding CWE-125 9.1 -2026-05-10
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD CWE-125 7.5 -2026-05-10
CVE-2026-6722 Use-After-Free in SOAP using Apache map CWE-416 8.8 -2026-05-10
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() CWE-476 7.5 -2026-05-10
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault CWE-416 8.8 -2026-05-10
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value> CWE-476 7.5 -2026-05-10
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings CWE-89 9.8 -2026-05-10
CVE-2026-7568 Signed integer overflow in metaphone() CWE-190 9.1 -2026-05-10
CVE-2026-6735 XSS within PHP-FPM status endpoint CWE-79 6.1 -2026-05-10
CVE-2025-14177 Information Leak of Memory in getimagesize CWE-125 9.1 -2025-12-27
CVE-2025-14178 Heap buffer overflow in array_merge() CWE-787 6.5 Medium2025-12-27
CVE-2025-14180 NULL Pointer Dereference in PDO quoting CWE-476 7.5 -2025-12-27
CVE-2025-1735 pgsql extension does not check for errors during escaping CWE-89 5.9 Medium2025-07-13
CVE-2025-1220 Null byte termination in hostnames CWE-918 3.7 Low2025-07-13
CVE-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CWE-476 5.9 Medium2025-07-13
CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free CWE-416 9.8AICriticalAI2025-04-04
CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes CWE-131 6.5 -2025-03-30
CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header CWE-20 5.3 -2025-03-30
CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon CWE-20 7.5 -2025-03-30
CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource 8.1 -2025-03-30
CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers CWE-20 7.5 -2025-03-29
CVE-2022-31631 PDO::quote() may return unquoted string CWE-74 9.1 Critical2025-02-12
CVE-2024-11233 Single byte overread with convert.quoted-printable-decode filter CWE-122 4.8 Medium2024-11-24
CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs CWE-20 4.8 Medium2024-11-24
CVE-2024-11236 Integer overflow in the firebird and dblib quoters causing OOB writes CWE-787 9.8 Critical2024-11-24
CVE-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd CWE-200 5.8 Medium2024-11-22
CVE-2024-8932 OOB access in ldap_escape CWE-787 9.8 Critical2024-11-22
CVE-2024-9026 PHP-FPM logs from children may be altered CWE-158 3.3 Low2024-10-08

php 产品累计公开 91 条 CVE 漏洞,本页提供按时间倒序的完整列表,包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。