Skip to main content

PHP Security Center

Filter By Severity
CVE Severity      Type Type Subject Date Date Affected Versions Affected Versions Fixed Products
CVE-2025-1220 Low

Cross-Site Request Forgery

php: PHP Hostname Null Character Vulnerability

2025-07-13

CVE-2025-1735 Low

Cross-Site Request Forgery

php: pgsql extension does not check for errors during escaping

2025-07-05

CVE-2025-6491 Low

Cross-Site Request Forgery

php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

2025-07-05

CVE-2024-11235 High

Cross-Site Request Forgery

Reference counting in `php_request_shutdown` causes Use-After-Free.

2025-03-14

8.3.0-8.3.18
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.39141469
ZendPHP 8.39627557
CVE-2025-1217 Low

Cross-Site Request Forgery

Header parser of `http` stream wrapper does not handle folded headers

2025-03-14

7.2.0-7.2.34
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29073829
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
CVE-2025-1219 Low

Cross-Site Request Forgery

libxml streams use wrong content-type header when requesting a redirected resource.

2025-03-14

7.2.0-7.2.34
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29145962
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
CVE-2025-1734 Low

Cross-Site Request Forgery

Streams HTTP wrapper does not fail for headers without colon

2025-03-14

7.2.0-7.2.34
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29978486
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
CVE-2025-1736 Low

Cross-Site Request Forgery

Stream HTTP wrapper header check might omit basic auth header

2025-03-14

7.2.0-7.2.34
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29685875
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
CVE-2025-1861 Low

Cross-Site Request Forgery

Stream HTTP wrapper truncate redirect location to 1024 bytes

2025-03-14

7.2.0-7.2.34
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
CVE-2024-11233 Low

Cross-Site Request Forgery

"+response.write(9280695*9351989)+"

2024-11-23

7.2.0-7.2.34
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29108429
ZendPHP 7.29357358
ZendPHP 7.29819071
ZendPHP 7.29868234
ZendPHP 7.29914703
ZendPHP 7.29921362
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.4.1
Page
Sort by severity
Sort by type
Sort by date
Sort by php versions affected