| CVE | Severity | Type | Subject | Date | Affected Versions | Fixed Products |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-11235 | Critical | Remote Code Execution | Reference counting in `php_request_shutdown` causes Use-After-Free. | 2025-03-14 | 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 8.3, ZendPHP 8.4 |
| CVE-2025-1217 | Low | Cross-Site Request Forgery | Header parser of `http` stream wrapper does not handle folded headers | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1219 | Low | Cross-Site Request Forgery | libxml streams use wrong content-type header when requesting a redirected resource. | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1734 | High | Cross-Site Request Forgery | Streams HTTP wrapper does not fail for headers without colon | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1736 | Moderate | Denial of Service | Stream HTTP wrapper header check might omit basic auth header | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1861 | Critical | Cross-Site Request Forgery | Stream HTTP wrapper truncate redirect location to 1024 bytes | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2024-11233 | Moderate | Information Disclosure | Single byte overread with convert.quoted-printable-decode filter | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |
| CVE-2024-11234 | Moderate | Cross-Site Request Forgery | Configuring a proxy in a stream context might allow for CRLF injection in URIs | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |
| CVE-2024-11236 | Critical | Cross-Site Request Forgery | Integer overflow in the dblib quoter causing OOB writes | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |
| CVE-2024-8929 | Moderate | Information Disclosure | Leak partial content of the heap through heap buffer over-read | 2024-11-22 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |