Innovate faster and cut risk with PHP experts from Zend Services.
Explore Services
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Read More
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Explore Training
Submit support requests and browse self-service resources.
Explore Support
Remote Code Execution
Reference counting in `php_request_shutdown` causes Use-After-Free.
2025-03-14
Cross-Site Request Forgery
Header parser of `http` stream wrapper does not handle folded headers
libxml streams use wrong content-type header when requesting a redirected resource.
Streams HTTP wrapper does not fail for headers without colon
Denial of Service
Stream HTTP wrapper header check might omit basic auth header
Stream HTTP wrapper truncate redirect location to 1024 bytes
Information Disclosure
Single byte overread with convert.quoted-printable-decode filter
2024-11-23
Configuring a proxy in a stream context might allow for CRLF injection in URIs
Integer overflow in the dblib quoter causing OOB writes
Leak partial content of the heap through heap buffer over-read
2024-11-22
