PHP Security Center

Filter By Severity
CVE Severity      Type Type Subject Date Date Affected Versions Affected Versions Fixed Products
CVE-2026-29078 High

Information Disclosure

Out-of-bounds read and write when traversing DOM contents

2026-05-13

 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 8.4
 ZendPHP 8.5
CVE-2026-29079 High

Denial of Service

Type-confusion in HTML fragment parsing

2026-05-13

 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 8.4
 ZendPHP 8.5
CVE-2025-14179 High

SQL Injection

Invalid NULL byte handling in Firebird prepared queries

2026-05-10

 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
CVE-2026-6104 Moderate

Information Disclosure

NUL byte in mbstring encoding leads to out-of-bounds read

2026-05-10

 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 8.4
 ZendPHP 8.5
CVE-2026-6722 Critical

Remote Code Execution

Use After Free in SOAP deduplication leads to remote code execution

2026-05-10

 7.1.0-7.1.33
 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 7.1
 ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
 ZendServer 2021.4.5
CVE-2026-6735 High

Cross-Site Scripting

XSS Vulnerability in PHP-FPM status page

2026-05-10

 7.1.0-7.1.33
 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 7.1
 ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
 ZendServer 2021.4.5
CVE-2026-7258 Moderate

Denial of Service

Denial of Service via improper handling of signed characters in ctype functions

2026-05-10

 7.1.0-7.1.33
 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 7.1
 ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
 ZendServer 2021.4.5
CVE-2026-7259 Low

Denial of Service

NULL pointer dereference in mb_regex_encoding

2026-05-10

 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
CVE-2026-7261 Moderate

Information Disclosure

SOAP persistence leads to use-after-free

2026-05-10

 7.1.0-7.1.33
 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 7.1
 ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
 ZendServer 2021.4.5
CVE-2026-7262 Low

Denial of Service

Incorrect variable dereference in SOAP decoding

2026-05-10

 7.1.0-7.1.33
 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.34
 8.2.0-8.2.30
 8.3.0-8.3.30
 8.4.0-8.4.20
 8.5.0-8.5.5
 		ZendPHP 7.1
 ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.5
 ZendServer 2021.4.5
Page
Sort by severity
Sort by type
Sort by date
Sort by php versions affected