Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

php — Vulnerabilities & Security Advisories 80

All 80 CVE vulnerabilities found in php, with AI-generated Chinese analysis, references, and POCs.

Vendor: PHP

CVE IDTitleCVSSSeverityPublished
CVE-2025-14177 Information Leak of Memory in getimagesize CWE-125 9.1 -2025-12-27
CVE-2025-14178 Heap buffer overflow in array_merge() CWE-787 6.5 Medium2025-12-27
CVE-2025-14180 NULL Pointer Dereference in PDO quoting CWE-476 7.5 -2025-12-27
CVE-2025-1735 pgsql extension does not check for errors during escaping CWE-89 5.9 Medium2025-07-13
CVE-2025-1220 Null byte termination in hostnames CWE-918 3.7 Low2025-07-13
CVE-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CWE-476 5.9 Medium2025-07-13
CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free CWE-416 9.8AICriticalAI2025-04-04
CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes CWE-131 6.5 -2025-03-30
CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header CWE-20 5.3 -2025-03-30
CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon CWE-20 7.5 -2025-03-30
CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource 8.1 -2025-03-30
CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers CWE-20 7.5 -2025-03-29
CVE-2022-31631 PDO::quote() may return unquoted string CWE-74 9.1 Critical2025-02-12
CVE-2024-11233 Single byte overread with convert.quoted-printable-decode filter CWE-122 4.8 Medium2024-11-24
CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs CWE-20 4.8 Medium2024-11-24
CVE-2024-11236 Integer overflow in the firebird and dblib quoters causing OOB writes CWE-787 9.8 Critical2024-11-24
CVE-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd CWE-200 5.8 Medium2024-11-22
CVE-2024-8932 OOB access in ldap_escape CWE-787 9.8 Critical2024-11-22
CVE-2024-9026 PHP-FPM logs from children may be altered CWE-158 3.3 Low2024-10-08
CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision 7.5 High2024-10-08
CVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) CWE-78 8.1 High2024-10-08
CVE-2024-8925 Erroneous parsing of multipart form data 3.1 Low2024-10-08
CVE-2024-2408 PHP is vulnerable to the Marvin Attack 8.1 -2024-06-09
CVE-2024-4577 Argument Injection in PHP-CGI CWE-78 9.8 Critical2024-06-09
CVE-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix) CWE-116 7.7 High2024-06-09
CVE-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL) 5.3 Medium2024-06-09
CVE-2024-1874 Command injection via array-ish $command parameter of proc_open() CWE-116 9.4 Critical2024-04-29
CVE-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs 7.5 High2024-04-29
CVE-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL CWE-20 6.5 Medium2024-04-29
CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CWE-20 6.5 Medium2024-04-29

All 80 known CVE vulnerabilities affecting php with full Chinese analysis, references, and POCs where available.