Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how php compares to other vendors in security performance

View Risk Score →

Simple Fields (WordPress plugin)Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Risk 38
Severity
6.9
First published (updated )
CVE-2018-25324

PHP PHPIn PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the X…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2468572

PHP PHPIn PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embe…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2468573

PHP PHPIn PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2468565

PHP PHPIn PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2468561
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPXSS

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2468562

PHP PHPInteger Overflow

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2468566

PHP PHPNull Pointer Dereference

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2468564

uriparser uriparseruriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928

Risk 30
Severity
5.3
First published (updated )
CVE-2026-44928

uriparser uriparseruriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928

Risk 30
Severity
5.3
Trending
3 Months
First published (updated )
CVE-2026-44927
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPSoapServer session-persisted object use-after-free via SOAP header fault

Risk 61
Severity
6.3
EPSS
0.06%
First published (updated )
CVE-2026-7261

PHP PHPOut-of-bounds read in urldecode() on NetBSD

Risk 31
Severity
6.3
EPSS
0.02%
First published (updated )
CVE-2026-7258

PHP PHPNULL pointer dereference in SOAP apache:Map decoder with missing <value>

Risk 31
Severity
2.9
EPSS
0.11%
First published (updated )
CVE-2026-7262

PHP PHPSQL injection in pdo_firebird via NUL bytes in quoted strings

Risk 86
Severity
7.4
First published (updated )
CVE-2025-14179

PHP PHPXSS within PHP-FPM status endpoint

Risk 40
Severity
7.3
EPSS
0.05%
First published (updated )
CVE-2026-6735
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPUse-After-Free in SOAP using Apache map

Risk 61
Severity
9.5
EPSS
0.29%
First published (updated )
CVE-2026-6722

PHP PHPSigned integer overflow in metaphone()

Risk 31
Severity
6.3
EPSS
0.06%
First published (updated )
CVE-2026-7568

PHP PHPNull pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

Risk 27
Severity
2.1
EPSS
0.05%
First published (updated )
CVE-2026-7259

PHP PHPDoS attack via DOMNode::C14N()

Risk 31
Severity
6.3
EPSS
0.06%
First published (updated )
CVE-2026-7263

PHP PHPGlobal buffer over-read in mb_convert_encoding() with attacker-supplied encoding

Risk 66
Severity
6.3
First published (updated )
CVE-2026-6104
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

uriparser uriparseruriparser 1.0.1 fixes CVE-2026-42371 (integer overflow)

Risk 32
Severity
5.1
First published (updated )
CVE-2026-42371

go/github.com/dunglas/frankenphpFrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files

Risk 61
Severity
9.8
EPSS
0.05%
First published (updated )
CVE-2026-24895

go/github.com/dunglas/frankenphpFrankenPHP leaks session data between requests in worker mode

Risk 33
Severity
8.7
EPSS
0.04%
First published (updated )
CVE-2026-24894

PHP AddressBookaddressbook 9.0.0.1 - 'id' SQL Injection

Risk 57
Severity
8.8
First published (updated )
CVE-2020-37083

PHP PHPBuffer Overflow, Integer Overflow

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2425625
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPNULL Pointer Dereference in PDO quoting

Risk 41
Severity
8.2
First published (updated )
CVE-2025-14180

PHP PHPInformation Leak of Memory in getimagesize

Risk 43
Severity
7.5
First published (updated )
CVE-2025-14177

PHP PHPHeap buffer overflow in array_merge()

Risk 54
Severity
8.2
First published (updated )
CVE-2025-14178

npm/uriparseruriparser 1.0.0 fixes CVE-2025-67899 (DoS, CWE-674)

Risk 17
Severity
2.9
First published (updated )
CVE-2025-67899

DB Electronica Telecomunicazioni Mozart FM TransmitterUnauthenticated Arbitrary File Read via Null Byte Injection

Risk 46
Severity
8.9
First published (updated )
CVE-2025-66263
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203