PHP Security Center

Filter By Severity
CVE Severity      Type Type Subject Date Date Affected Versions Affected Versions Fixed Products
CVE-2025-1220 Moderate

Remote File Inclusion

Hostname Null Character Vulnerability

2025-07-13

 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.32
 8.2.0-8.2.28
 8.3.0-8.3.22
 8.4.0-8.4.9
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.3
CVE-2025-1735 Critical

Cross-Site Request Forgery

pgsql extension does not check for errors during escaping

2025-07-05

 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.32
 8.2.0-8.2.28
 8.3.0-8.3.22
 8.4.0-8.4.9
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.3
CVE-2025-6491 Critical

Cross-Site Request Forgery

NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

2025-07-05

 7.2.0-7.2.34
 7.3.0-7.3.33
 7.4.0-7.4.33
 8.0.0-8.0.30
 8.1.0-8.1.32
 8.2.0-8.2.28
 8.3.0-8.3.22
 8.4.0-8.4.9
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.3
CVE-2024-11235 Low

Denial of Service

Reference counting in `php_request_shutdown` causes Use-After-Free.

2025-03-14

 8.3.0-8.3.18
 		ZendPHP 8.3
 ZendPHP 8.4
 ZendPHP 8.39141469
 ZendPHP 8.39627557
CVE-2025-1217 Critical

Cross-Site Request Forgery

Header parser of `http` stream wrapper does not handle folded headers

2025-03-14

 7.2.0-7.2.34
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 7.29073829
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.2
CVE-2025-1219 Critical

Cross-Site Request Forgery

libxml streams use wrong content-type header when requesting a redirected resource.

2025-03-14

 7.2.0-7.2.34
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 7.29145962
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.2
CVE-2025-1734 Moderate

Cross-Site Request Forgery

Streams HTTP wrapper does not fail for headers without colon

2025-03-14

 7.2.0-7.2.34
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 7.29978486
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.2
CVE-2025-1736 Critical

Cross-Site Request Forgery

Stream HTTP wrapper header check might omit basic auth header

2025-03-14

 7.2.0-7.2.34
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 7.29685875
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.2
CVE-2025-1861 Critical

Cross-Site Request Forgery

Stream HTTP wrapper truncate redirect location to 1024 bytes

2025-03-14

 7.2.0-7.2.34
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendPHP 8.4
 ZendServer 2021.4.2
CVE-2024-11233 Moderate

Information Disclosure

convert.quoted-printable-decode filter buffer overread

2024-11-23

 7.2.0-7.2.34
 		ZendPHP 7.2
 ZendPHP 7.3
 ZendPHP 7.4
 ZendPHP 7.29108429
 ZendPHP 7.29357358
 ZendPHP 7.29819071
 ZendPHP 7.29868234
 ZendPHP 7.29914703
 ZendPHP 7.29921362
 ZendPHP 8.0
 ZendPHP 8.1
 ZendPHP 8.2
 ZendPHP 8.3
 ZendServer 2021.4.1
Page
Sort by severity
Sort by type
Sort by date
Sort by php versions affected