CVSS: 7.5EPSS: %CPEs: 4EXPL: 0CVE-2025-1220 – Null byte termination in hostnames
https://notcve.org/view.php?id=CVE-2025-1220
03 Jul 2025 — In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions. php.net reports: • https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: %CPEs: 4EXPL: 0CVE-2025-1735 – pgsql extension does not check for errors during escaping
https://notcve.org/view.php?id=CVE-2025-1735
03 Jul 2025 — In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid. php.net reports: • https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: %CPEs: 4EXPL: 0CVE-2025-6491 – NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
https://notcve.org/view.php?id=CVE-2025-6491
03 Jul 2025 — In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server. php.net reports: • https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x • CWE-476: NULL Pointer Dereference •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-1219 – libxml streams use wrong content-type header when requesting a redirected resource
https://notcve.org/view.php?id=CVE-2025-1219
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations. A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via... • https://github.com/ediop3SquadALT/ediop3PHP • CWE-20: Improper Input Validation CWE-1116: Inaccurate Comments •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1217 – Header parser of http stream wrapper does not handle folded headers
https://notcve.org/view.php?id=CVE-2025-1217
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrec... • https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1734 – Streams HTTP wrapper does not fail for headers with invalid name and no colon
https://notcve.org/view.php?id=CVE-2025-1734
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers. A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon (:), which may confuse applications into processing them as valid headers. It w... • https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1736 – Stream HTTP wrapper header check might omit basic auth header
https://notcve.org/view.php?id=CVE-2025-1736
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted. A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers. It was discovered that... • https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1861 – Stream HTTP wrapper truncates redirect location to 1024 bytes
https://notcve.org/view.php?id=CVE-2025-1861
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection ... • https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11233 – Single byte overread with convert.quoted-printable-decode filter
https://notcve.org/view.php?id=CVE-2024-11233
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is trigg... • https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11234 – Configuring a proxy in a stream context might allow for CRLF injection in URIs
https://notcve.org/view.php?id=CVE-2024-11234
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. A flaw was found in PHP. In affected versions of PHP, when using streams with configured prox... • https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2 • CWE-20: Improper Input Validation •