| CVE | Severity | Type | Subject | Date | Affected Versions | Fixed Products |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-11235 | Critical | Cross-Site Request Forgery | Reference counting in `php_request_shutdown` causes Use-After-Free. | 2025-03-14 | 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 8.3, ZendPHP 8.4 |
| CVE-2025-1217 | Critical | Cross-Site Request Forgery | Header parser of `http` stream wrapper does not handle folded headers | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1219 | Critical | Cross-Site Request Forgery | libxml streams use wrong content-type header when requesting a redirected resource. | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1734 | Moderate | Information Disclosure | Streams HTTP wrapper does not fail for headers without colon | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1736 | Moderate | Remote Code Execution | Stream HTTP wrapper header check might omit basic auth header | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2025-1861 | Critical | Cross-Site Request Forgery | Stream HTTP wrapper truncate redirect location to 1024 bytes | 2025-03-14 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendPHP 8.4, ZendServer 2021.4.2 |
| CVE-2024-11233 | Critical | Cross-Site Request Forgery | Single byte overread with convert.quoted-printable-decode filter | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |
| CVE-2024-11234 | Critical | Cross-Site Request Forgery | Configuring a proxy in a stream context might allow for CRLF injection in URIs | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |
| CVE-2024-11236 | Critical | Cross-Site Request Forgery | Integer overflow in the dblib quoter causing OOB writes | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |
| CVE-2024-8929 | Moderate | Remote Code Execution | Leak partial content of the heap through heap buffer over-read | 2024-11-22 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.4.1 |