Sec Feed Reader

PHP Security (php/php-src GHSA)

Kategorie: vendor_advisory Provider: github_security_advisories Sprache: de Zielgruppe: - Tags: php, runtime Aktiv: Ja

Letzter Fetch	Letzter Erfolg	Aufeinanderfolgende Fehler	Letzte Fehlermeldung	ETag	Last-Modified
2026-05-14 21:41 UTC	2026-05-14 21:41 UTC	0	-	W/"54796af25657a65c46d721b1809b339812dcee537b197649fa58a62f93f90172"	Thu, 07 May 2026 14:31:30 GMT

Gesamt

Critical

High

Mit CVE-Bezug

### Letzte Eintraege


NULL pointer dereference in SOAP apache:Map decoder with missing <value>	2026-05-07 12:57	-	1
SoapServer session-persisted object use-after-free via SOAP header fault	2026-05-07 12:57	-	1
Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()	2026-05-07 12:57	-	1
XSS within PHP-FPM status endpoint	2026-05-07 12:56	-	1
Use-After-Free in SOAP using Apache map with Remote Code Execution	2026-05-07 12:56	-	1
Out-of-bounds read in urldecode()	2026-05-07 12:56	-	1
Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding	2026-05-07 12:55	-	1
SQL injection in pdo_firebird via NUL bytes in quoted strings	2026-05-07 12:55	-	1
Signed integer overflow in metaphone()	2026-05-07 12:54	-	1
DoS attack via DOMNode::C14N()	2026-05-07 12:54	-	1
Null byte termination in dns_get_record()	2025-12-18 16:11	-	0
NULL Pointer Dereference in PDO quoting	2025-12-18 16:10	-	1
Heap buffer overflow in array_merge()	2025-12-18 16:10	-	1
Information Leak of Memory in getimagesize	2025-12-18 16:10	-	1
pgsql extension does not check for errors during escaping	2025-07-03 12:27	HIGH	2
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix	2025-07-03 12:27	-	1
Null byte termination in hostnames	2025-07-03 12:27	-	1
Reference counting in php_request_shutdown causes Use-After-Free	2025-03-13 17:44	-	1
Possible out of bounds read when XML_OPTION_SKIP_TAGSTART used	2025-03-13 17:44	-	0
libxml streams use wrong `content-type` header when requesting a redirected resource	2025-03-13 17:44	-	1
Stream HTTP wrapper header check might omit basic auth header	2025-03-13 17:44	-	1
Stream HTTP wrapper truncate redirect location to 1024 bytes	2025-03-13 17:44	-	1
Streams HTTP wrapper does not fail for headers with invalid name and no colon	2025-03-13 17:43	-	1
Header parser of `http` stream wrapper does not handle folded headers	2025-03-13 17:43	-	1
[Mysqlnd] Leak partial content of the heap through heap buffer over-read	2024-11-21 18:15	-	1
OOB access in ldap_escape	2024-11-21 18:15	-	2
Configuring a proxy in a stream context might allow for CRLF injection in URIs	2024-11-21 18:15	-	1
Integer overflow in the firebird and dblib quoters causing OOB writes	2024-11-21 18:15	-	1
Single byte overread with convert.quoted-printable-decode filter	2024-11-21 18:15	-	1
Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface	2024-11-21 18:15	-	0
PHP RCE: A Bypass of CVE-2012-1823, Argument Injection in PHP-CGI	2024-09-28 17:37	CRITICAL	2
cgi.force_redirect configuration is bypassable due to the environment variable collision	2024-09-27 17:51	-	1
PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)	2024-09-27 17:50	CRITICAL	2
Erroneous parsing of multipart form data	2024-09-27 17:50	-	1
[PHP-FPM] Logs from childrens may be altered	2024-09-27 17:50	-	1
bypass CVE-2024-1874	2024-06-09 18:37	CRITICAL	2
Filter bypass in filter_var (FILTER_VALIDATE_URL)	2024-06-09 18:13	MEDIUM	2
PHP is vulnerable to the Marvin Attack	2024-06-06 21:17	-	1
mb_encode_mimeheader runs endlessly for some inputs	2024-04-11 23:00	-	1
password_verify can erroneously return true, opening ATO risk	2024-04-11 22:59	-	1
Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows	2024-04-11 17:15	-	1
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix	2024-04-11 17:12	MEDIUM	2
Buffer overflow and overread in phar_dir_read()	2023-08-05 04:14	-	1
Security issue with external entity loading in XML without enabling it	2023-08-05 04:14	-	1
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP	2023-06-12 14:20	-	1
BCrypt hashes erroneously validate if the salt is cut short by `$`	2023-02-15 20:37	-	1
DoS vulnerability when parsing multipart request body	2023-02-15 20:32	-	1

Alle Quellen