Php

This hub aggregates every CVE we track for Php, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Php.

• CVE-2026-7263DoS attack via DOMNode::C14N()7.5May 10, 2026
• CVE-2026-6104Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding9.1May 10, 2026
• CVE-2026-7258Out-of-bounds read in urldecode() on NetBSD7.5May 10, 2026
• CVE-2026-6722Use-After-Free in SOAP using Apache map9.8May 10, 2026
• CVE-2026-7259Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()6.5May 10, 2026
• CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header fault9.8May 10, 2026
• CVE-2026-7262NULL pointer dereference in SOAP apache:Map decoder with missing <value>7.5May 10, 2026
• CVE-2025-14179SQL injection in pdo_firebird via NUL bytes in quoted strings9.8May 10, 2026
• CVE-2026-7568Signed integer overflow in metaphone()7.5May 10, 2026
• CVE-2026-6735XSS within PHP-FPM status endpoint6.1May 10, 2026
• BDU:2026-06302Уязвимость функции var_destroy() сценария ext/standard/var_unserializer.re интерпретатора языка PHP, позволяющая нарушителю выполнить произвольный код9.8May 5, 2026
• BDU:2026-02404Уязвимость механизма уничтожения массивов, содержащих объекты интерпретатора языка PHP, позволяющая нарушителю обойти механизм защиты disable_functions и вызвать команды операционной системы9.3Mar 2, 2026
• CVE-2025-14177Information Leak of Memory in getimagesize7.5Dec 27, 2025
• CVE-2025-14178Heap buffer overflow in array_merge()6.5Dec 27, 2025
• CVE-2025-14180NULL Pointer Dereference in PDO quoting7.5Dec 27, 2025