Filter By Severity
CVESeverity     Type TypeSubjectDate DateAffected Versions Affected VersionsFixed Products
CVE-2024-2408Moderate

Information Disclosure

php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API

2024-06-07

5.6.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.28
8.2.0-8.2.19
8.3.0-8.3.7
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.3.5
CVE-2024-4577Critical

Remote Code Execution

php: Argument Injection in PHP-CGI

2024-06-07

5.6.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.28
8.2.0-8.2.19
8.3.0-8.3.7
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.3.5
CVE-2024-5458Moderate

Information Disclosure

php: Filter bypass in filter_var FILTER_VALIDATE_URL

2024-06-07

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.28
8.2.0-8.2.19
8.3.0-8.3.7
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.3.5
CVE-2024-5585Low

Remote Code Execution

php: Arguments execute arbitrary commands in Windows shell

2024-06-07

7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.28
8.2.0-8.2.19
8.3.0-8.3.7
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.3.5
CVE-2024-2961High

Remote Code Execution

iconv Buffer Overflow in Specific Character Set Conversions

2024-04-24

5.6.0-8.3.6
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2019.1
ZendServer 2021.3
CVE-2024-2756Moderate

Cross-Site Request Forgery

Host/Secure cookie bypass due to partial CVE-2022-31629 fix

2024-04-12

7.4.0 - 7.4.33
8.0.0 - 8.0.30
8.1.0 - 8.1.27
8.2.0 - 8.2.17
8.3.0 - 8.3.5
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2019.1.6
ZendServer 2021.3.4
CVE-2024-2757High

Denial of Service

Infinite loop in mb_encode_mimeheader for some inputs

2024-04-12

8.3.0 - 8.3.5
ZendPHP 8.3
CVE-2024-3096Moderate

Privilege Escalation

password_verify can erroneously return true

2024-04-12

5.5.0 - 7.1.33
7.2.0 - 7.2.34
7.3.0 - 7.3.33
7.4.0 - 7.4.33
8.0.0 - 8.0.30
8.1.0 - 8.1.27
8.2.0 - 8.2.17
8.3.0 - 8.3.5
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2019.1.6
ZendServer 2021.3.4
CVE-2024-1874Critical

Remote Code Execution

Command injection via array-ish $command parameter of proc_open even if`bypass_shell option enabled on Windows

2024-02-25

7.4.0 - 7.4.33
8.0.0 - 8.0.30
8.1.0 - 8.1.27
8.2.0 - 8.2.17
8.3.0 - 8.3.5
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.3.4
CVE-2023-3823Critical

Cross-Site Request Forgery

XML External Entity vector

2023-08-11

7.2.0 - 7.2.34
7.3.0 - 7.3.33
7.4.0 - 7.4.33
8.0.0 - 8.0.29
8.1.0 - 8.1.21
8.2.0 - 8.2.8
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendServer 2019.1.4
ZendServer 2021.3.2
Page
Sort by severity
Sort by type
Sort by date
Sort by php versions affected