php

Top products

The 15 most recently published vulnerabilities affecting php.

• CVE-2026-45062FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files8.1Jun 10, 2026
• CVE-2026-7263DoS attack via DOMNode::C14N()7.5May 10, 2026
• CVE-2026-6104Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding9.1May 10, 2026
• CVE-2026-7258Out-of-bounds read in urldecode() on NetBSD7.5May 10, 2026
• CVE-2026-6722Use-After-Free in SOAP using Apache map9.8May 10, 2026
• CVE-2026-7259Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()6.5May 10, 2026
• CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header fault9.8May 10, 2026
• CVE-2026-7262NULL pointer dereference in SOAP apache:Map decoder with missing <value>7.5May 10, 2026
• CVE-2025-14179SQL injection in pdo_firebird via NUL bytes in quoted strings9.8May 10, 2026
• CVE-2026-7568Signed integer overflow in metaphone()7.5May 10, 2026
• CVE-2026-6735XSS within PHP-FPM status endpoint6.1May 10, 2026
• CVE-2026-24895FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files9.8Feb 12, 2026
• CVE-2026-24894FrankenPHP leaks session data between requests in worker mode7.5Feb 12, 2026
• CVE-2025-14177Information Leak of Memory in getimagesize7.5Dec 27, 2025
• CVE-2025-14178Heap buffer overflow in array_merge()6.5Dec 27, 2025