Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how php compares to other vendors in security performance

View Risk Score →

Simple Fields (WordPress plugin)Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Risk 38
Severity
6.9
First published (updated )
CVE-2018-25324

PHP PHPSoapServer session-persisted object use-after-free via SOAP header fault

Risk 61
Severity
6.3
EPSS
0.06%
First published (updated )
CVE-2026-7261

PHP PHPOut-of-bounds read in urldecode() on NetBSD

Risk 31
Severity
6.3
EPSS
0.02%
First published (updated )
CVE-2026-7258

PHP PHPSigned integer overflow in metaphone()

Risk 31
Severity
6.3
EPSS
0.06%
First published (updated )
CVE-2026-7568

PHP PHPDoS attack via DOMNode::C14N()

Risk 31
Severity
6.3
EPSS
0.06%
First published (updated )
CVE-2026-7263
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPGlobal buffer over-read in mb_convert_encoding() with attacker-supplied encoding

Risk 66
Severity
6.3
First published (updated )
CVE-2026-6104

uriparser uriparseruriparser 1.0.1 fixes CVE-2026-42371 (integer overflow)

Risk 32
Severity
5.1
First published (updated )
CVE-2026-42371

PHP PHPBuffer Overflow, Integer Overflow

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2425625

Mautic MauticExposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images

Risk 19
Severity
5.3
EPSS
0.04%
First published (updated )
CVE-2025-7381

PHP PHPNull byte termination in hostnames

Risk 29
Severity
5.3
First published (updated )
CVE-2025-1220
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPNULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

Risk 27
Severity
5.9
EPSS
0.08%
First published (updated )
CVE-2025-6491

PHP PHPIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2356046

PHP PHPIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2356042

PHP PHPIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2356043

PHP PHPIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2356041
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPIn PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2355917

PHP PHPStreams HTTP wrapper does not fail for headers with invalid name and no colon

Risk 27
Severity
6.3
First published (updated )
CVE-2025-1734

PHP PHPlibxml streams use wrong content-type header when requesting a redirected resource

Risk 27
Severity
6.3
First published (updated )
CVE-2025-1219

PHP PHPHeader parser of http stream wrapper does not handle folded headers

Risk 27
Severity
6.3
First published (updated )
CVE-2025-1217

Phpgurukul Land Record System ProjectSQL Injection

Risk 30
Severity
5.5
EPSS
0.08%
First published (updated )
CVE-2025-25462
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams wi…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2328523

PHP PHPIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in co…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2328521

PHP PHPIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL serve…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2327960

PHP PHPLeak partial content of the heap through heap buffer over-read in mysqlnd

Risk 26
Severity
5.8
EPSS
0.04%
First published (updated )
CVE-2024-8929

PHP PHPErroneous parsing of multipart form data

Risk 20
Severity
5.3
EPSS
0.05%
First published (updated )
CVE-2024-8925
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PHP PHPPHP is vulnerable to the Marvin Attack

Risk 35
Severity
5.9
First published (updated )
CVE-2024-2408

PHP PHPFilter bypass in filter_var (FILTER_VALIDATE_URL)

Risk 20
Severity
5.3
EPSS
0.08%
First published (updated )
CVE-2024-5458

PHP PHPPHP function password_verify can erroneously return true when argument contains NUL

Risk 39
Severity
6.5
First published (updated )
CVE-2024-3096

redhat/php__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

Risk 40
Severity
6.5
First published (updated )
CVE-2024-2756

ubuntu/php8.1Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

Risk 24
Severity
4.3
First published (updated )
CVE-2023-3247
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203