CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48883 – Chrome PHP is missing encoding in `CssSelector`
https://notcve.org/view.php?id=CVE-2025-48883
30 May 2025 — Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding manually to their selectors if they are unable to upgrade. • https://github.com/chrome-php/chrome/commit/34b2b8d1691f4e3940b1e1e95d388fffe81169c8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11235 – Reference counting in php_request_shutdown causes Use-After-Free
https://notcve.org/view.php?id=CVE-2024-11235
28 Feb 2025 — In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the __set magic method or the null coalescing assignment (?... • https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1217 – Header parser of http stream wrapper does not handle folded headers
https://notcve.org/view.php?id=CVE-2025-1217
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrec... • https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-1219 – libxml streams use wrong content-type header when requesting a redirected resource
https://notcve.org/view.php?id=CVE-2025-1219
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations. A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via... • https://github.com/ediop3SquadALT/ediop3PHP • CWE-20: Improper Input Validation CWE-1116: Inaccurate Comments •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1734 – Streams HTTP wrapper does not fail for headers with invalid name and no colon
https://notcve.org/view.php?id=CVE-2025-1734
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers. A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon (:), which may confuse applications into processing them as valid headers. It w... • https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1736 – Stream HTTP wrapper header check might omit basic auth header
https://notcve.org/view.php?id=CVE-2025-1736
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted. A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers. It was discovered that... • https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1861 – Stream HTTP wrapper truncates redirect location to 1024 bytes
https://notcve.org/view.php?id=CVE-2025-1861
28 Feb 2025 — In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection ... • https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11233 – Single byte overread with convert.quoted-printable-decode filter
https://notcve.org/view.php?id=CVE-2024-11233
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is trigg... • https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11234 – Configuring a proxy in a stream context might allow for CRLF injection in URIs
https://notcve.org/view.php?id=CVE-2024-11234
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. A flaw was found in PHP. In affected versions of PHP, when using streams with configured prox... • https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11236 – Integer overflow in the firebird and dblib quoters causing OOB writes
https://notcve.org/view.php?id=CVE-2024-11236
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. This update for php8 fixes the following issues. Single byte overr... • https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv • CWE-787: Out-of-bounds Write •