Skip to main content

PHP Security Center

Filter By Severity
CVE Severity      Type Type Subject Date Date Affected Versions Affected Versions Fixed Products
CVE-2026-29078 Moderate

Remote Code Execution

Out-of-bounds read and write when traversing DOM contents

2026-05-13

8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 8.4
ZendPHP 8.5
CVE-2026-29079 Critical

Cross-Site Request Forgery

Type-confusion in HTML fragment parsing

2026-05-13

8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 8.4
ZendPHP 8.5
CVE-2025-14179 Critical

Cross-Site Request Forgery

Invalid NULL byte handling in Firebird prepared queries

2026-05-10

8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
CVE-2026-6104 Critical

Cross-Site Request Forgery

NUL byte in mbstring encoding leads to out-of-bounds read

2026-05-10

8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 8.4
ZendPHP 8.5
CVE-2026-6722 Critical

Cross-Site Request Forgery

Use After Free in SOAP deduplication leads to remote code execution

2026-05-10

7.1.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
ZendServer 2021.4.5
CVE-2026-6735 Critical

Cross-Site Request Forgery

XSS Vulnerability in PHP-FPM status page

2026-05-10

7.1.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
ZendServer 2021.4.5
CVE-2026-7258 Moderate

Remote Code Execution

Denial of Service via improper handling of signed characters in ctype functions

2026-05-10

7.1.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
ZendServer 2021.4.5
CVE-2026-7259 Critical

Cross-Site Request Forgery

NULL pointer dereference in mb_regex_encoding

2026-05-10

8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
CVE-2026-7261 Critical

Cross-Site Request Forgery

SOAP persistence leads to use-after-free

2026-05-10

7.1.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
ZendServer 2021.4.5
CVE-2026-7262 Critical

Cross-Site Request Forgery

Incorrect variable dereference in SOAP decoding

2026-05-10

7.1.0-7.1.33
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.34
8.2.0-8.2.30
8.3.0-8.3.30
8.4.0-8.4.20
8.5.0-8.5.5
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
ZendServer 2021.4.5
Page
Sort by severity
Sort by type
Sort by date
Sort by php versions affected