PHP Group — Vulnerabilities & Security Advisories 78

Browse all 78 CVE security advisories affecting PHP Group. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by PHP Group: PHP, PHP Imagick extension
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-14177 | Information Leak of Memory in getimagesize — PHP | CWE-125 | 9.1 | - | 2025-12-27 |
| CVE-2025-14178 | Heap buffer overflow in array_merge() — PHP | CWE-787 | 6.5 | Medium | 2025-12-27 |
| CVE-2025-14180 | NULL Pointer Dereference in PDO quoting — PHP | CWE-476 | 7.5 | - | 2025-12-27 |
| CVE-2025-1735 | pgsql extension does not check for errors during escaping — PHP | CWE-89 | 5.9 | Medium | 2025-07-13 |
| CVE-2025-1220 | Null byte termination in hostnames — PHP | CWE-918 | 3.7 | Low | 2025-07-13 |
| CVE-2025-6491 | NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix — PHP | CWE-476 | 5.9 | Medium | 2025-07-13 |
| CVE-2024-11235 | Reference counting in php_request_shutdown causes Use-After-Free — PHP | CWE-416 | 9.8 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2025-1861 | Stream HTTP wrapper truncates redirect location to 1024 bytes — PHP | CWE-131 | 6.5 | - | 2025-03-30 |
| CVE-2025-1736 | Stream HTTP wrapper header check might omit basic auth header — PHP | CWE-20 | 5.3 | - | 2025-03-30 |
| CVE-2025-1734 | Streams HTTP wrapper does not fail for headers with invalid name and no colon — PHP | CWE-20 | 7.5 | - | 2025-03-30 |
| CVE-2025-1219 | libxml streams use wrong content-type header when requesting a redirected resource — PHP | | 8.1 | - | 2025-03-30 |
| CVE-2025-1217 | Header parser of http stream wrapper does not handle folded headers — PHP | CWE-20 | 7.5 | - | 2025-03-29 |
| CVE-2022-31631 | PDO::quote() may return unquoted string — PHP | CWE-74 | 9.1 | Critical | 2025-02-12 |
| CVE-2024-11233 | Single byte overread with convert.quoted-printable-decode filter — PHP | CWE-122 | 4.8 | Medium | 2024-11-24 |
| CVE-2024-11234 | Configuring a proxy in a stream context might allow for CRLF injection in URIs — PHP | CWE-20 | 4.8 | Medium | 2024-11-24 |
| CVE-2024-11236 | Integer overflow in the firebird and dblib quoters causing OOB writes — PHP | CWE-787 | 9.8 | Critical | 2024-11-24 |
| CVE-2024-8929 | Leak partial content of the heap through heap buffer over-read in mysqlnd — PHP | CWE-200 | 5.8 | Medium | 2024-11-22 |
| CVE-2024-8932 | OOB access in ldap_escape — PHP | CWE-787 | 9.8 | Critical | 2024-11-22 |
| CVE-2024-9026 | PHP-FPM logs from children may be altered — PHP | CWE-158 | 3.3 | Low | 2024-10-08 |
| CVE-2024-8927 | cgi.force_redirect configuration is bypassable due to the environment variable collision — PHP | | 7.5 | High | 2024-10-08 |
| CVE-2024-8926 | PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) — PHP | CWE-78 | 8.1 | High | 2024-10-08 |
| CVE-2024-8925 | Erroneous parsing of multipart form data — PHP | | 3.1 | Low | 2024-10-08 |
| CVE-2024-2408 | PHP is vulnerable to the Marvin Attack — PHP | | 8.1 | - | 2024-06-09 |
| CVE-2024-4577 | Argument Injection in PHP-CGI — PHP | CWE-78 | 9.8 | Critical | 2024-06-09 |
| CVE-2024-5585 | Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix) — PHP | CWE-116 | 7.7 | High | 2024-06-09 |
| CVE-2024-5458 | Filter bypass in filter_var (FILTER_VALIDATE_URL) — PHP | | 5.3 | Medium | 2024-06-09 |
| CVE-2024-1874 | Command injection via array-ish $command parameter of proc_open() — PHP | CWE-116 | 9.4 | Critical | 2024-04-29 |
| CVE-2024-2757 | PHP mb_encode_mimeheader runs endlessly for some inputs — PHP | | 7.5 | High | 2024-04-29 |
| CVE-2024-3096 | PHP function password_verify can erroneously return true when argument contains NUL — PHP | CWE-20 | 6.5 | Medium | 2024-04-29 |
| CVE-2024-2756 | __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix — PHP | CWE-20 | 6.5 | Medium | 2024-04-29 |

This page lists every published CVE security advisory associated with PHP Group. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.