Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how php compares to other vendors in security performance

View Risk Score →

PHP PHPUse-After-Free in SOAP using Apache map

Risk 61
Severity
9.5
EPSS
0.29%
First published (updated )
CVE-2026-6722

go/github.com/dunglas/frankenphpFrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files

Risk 61
Severity
9.8
EPSS
0.05%
First published (updated )
CVE-2026-24895

PHP PHPStream HTTP wrapper truncates redirect location to 1024 bytes

Risk 86
Severity
9.8
First published (updated )
CVE-2025-1861

PHP PHPReference counting in php_request_shutdown causes Use-After-Free

Risk 76
Severity
9.2
First published (updated )
CVE-2024-11235

PHP PHPOOB access in ldap_escape

Risk 62
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-8932
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPInteger overflow in the firebird and dblib quoters causing OOB writes

Risk 89
Severity
9.8
First published (updated )
CVE-2024-11236

PHP PHPPHP-CGI OS Command Injection Vulnerability

Risk 99
Severity
9.8
Exploited
EPSS
96.68%
First published (updated )
CVE-2024-4577

PHP PHPCommand injection via array-ish $command parameter of proc_open()

Risk 81
Severity
9.4
First published (updated )
CVE-2024-1874

Nodejs Node.jsCommand injection vulnerability in programing languages on Microsoft Windows operating system.

Risk 61
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-3566

composer/phenx/php-svg-libphp-svg-lib lacks path validation on font through SVG inline styles

Risk 62
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-25117
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPBuffer overflow and overread in phar_dir_read()

Risk 92
Severity
9.8
First published (updated )
CVE-2023-3824

PHP PHPPDO::quote() may return unquoted string

Risk 67
Severity
9.1
First published (updated )
CVE-2022-31631

PHP PHPInteger Overflow, Buffer Overflow

Risk 89
Severity
9.8
First published (updated )
CVE-2022-37454

PHP PHPHeap buffer overflow in finfo_buffer

Risk 86
Severity
9.8
First published (updated )
CVE-2022-31627

PHP pearwebpearweb < 1.32 suffers from Deserialization of Untrusted Data.

Risk 86
Severity
9.8
First published (updated )
CVE-2022-27158
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP pearwebpearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.p…

Risk 86
Severity
9.8
First published (updated )
CVE-2022-27157

PHP MemcachedPHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execu…

Risk 86
Severity
9.8
First published (updated )
CVE-2022-26635

PHP PHPUAF due to php_filter_float() failing

Risk 86
Severity
9.8
First published (updated )
CVE-2021-21708

PHP PHPheap-buffer-overflow in phar_extract_file

Risk 66
Severity
9.1
First published (updated )
CVE-2020-7061

PHP PHPOOB read in php_strip_tags_ex

Risk 70
Severity
9.1
First published (updated )
CVE-2020-7059
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPglobal buffer-overflow in mbfl_filt_conv_big5_wchar

Risk 70
Severity
9.1
First published (updated )
CVE-2020-7060

PHP PHPmail() may release string with refcount==1 twice

Risk 86
Severity
9.8
First published (updated )
CVE-2019-11049

Zend Zend FrameworkSQL Injection

Risk 86
Severity
9.8
First published (updated )
CVE-2011-1939

redhat/phpUnderflow in PHP-FPM can lead to RCE

Risk 99
Severity
9.8
Exploited
First published (updated )
CVE-2019-11043

PHP Ext-httpIncorrect Type Cast

Risk 86
Severity
9.8
First published (updated )
CVE-2016-7398
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPUse After Free

Risk 91
Severity
9.8
First published (updated )
CVE-2019-13224

PHP PHPOut-of-bounds read in iconv.c

Risk 70
Severity
9.1
First published (updated )
CVE-2019-11039

PHP PHPHeap buffer overflow in EXIF extension

Risk 70
Severity
9.1
First published (updated )
CVE-2019-11040

PHP imagickOut of bounds memory write in PHP Imagick extension

Risk 88
Severity
9.8
First published (updated )
CVE-2019-11037

Canonical Ubuntu LinuxHeap over-read in PHP EXIF extension

Risk 70
Severity
9.1
First published (updated )
CVE-2019-11036
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203