CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1736 – Stream HTTP wrapper header check might omit basic auth header
https://notcve.org/view.php?id=CVE-2025-1736
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted. A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers. It was discovered that... • https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1861 – Stream HTTP wrapper truncates redirect location to 1024 bytes
https://notcve.org/view.php?id=CVE-2025-1861
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection ... • https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11233 – Single byte overread with convert.quoted-printable-decode filter
https://notcve.org/view.php?id=CVE-2024-11233
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is trigg... • https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11234 – Configuring a proxy in a stream context might allow for CRLF injection in URIs
https://notcve.org/view.php?id=CVE-2024-11234
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. A flaw was found in PHP. In affected versions of PHP, when using streams with configured prox... • https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11236 – Integer overflow in the firebird and dblib quoters causing OOB writes
https://notcve.org/view.php?id=CVE-2024-11236
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. This update for php8 fixes the following issues. Single byte overr... • https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv • CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8929 – Leak partial content of the heap through heap buffer over-read in mysqlnd
https://notcve.org/view.php?id=CVE-2024-8929
22 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server. A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malici... • https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8932 – OOB access in ldap_escape
https://notcve.org/view.php?id=CVE-2024-8932
22 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, PHP) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line with best practice... • https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 4%CPEs: 3EXPL: 0CVE-2024-8926 – PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
https://notcve.org/view.php?id=CVE-2024-8926
03 Oct 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. In PHP... • https://github.com/advisories/GHSA-vxpp-6299-mxw3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8925 – Erroneous parsing of multipart form data
https://notcve.org/view.php?id=CVE-2024-8925
30 Sep 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead ... • https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8927 – cgi.force_redirect configuration is bypassable due to the environment variable collision
https://notcve.org/view.php?id=CVE-2024-8927
30 Sep 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. A flaw was found in PHP. The configuration directive `cgi... • https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp • CWE-1220: Insufficient Granularity of Access Control •