| CVE-2025-14177 |
|
Information Disclosure |
Information disclosure via getimagesize() function when reading multi-chunk images |
2025-12-27 |
7.1.0-7.1.34
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.33
8.2.0-8.2.29
8.3.0-8.3.29
8.4.0-8.4.16
8.5.0-8.5.1
|
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
ZendServer 2021.4.4
|
| CVE-2025-14178 |
|
Denial of Service |
Heap-based buffer overflow in array_merge() |
2025-12-27 |
7.1.0-7.1.34
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.33
8.2.0-8.2.29
8.3.0-8.3.29
8.4.0-8.4.16
8.5.0-8.5.1
|
ZendPHP 7.1
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
|
| CVE-2025-14180 |
|
Information Disclosure |
NULL pointer dereference in PDO PostgreSQL driver |
2025-12-27 |
8.1.0-8.1.33
8.2.0-8.2.29
8.3.0-8.3.29
8.4.0-8.4.16
8.5.0-8.5.1
|
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.5
|
| CVE-2025-1220 |
|
Cross-Site Request Forgery |
Hostname Null Character Vulnerability |
2025-07-13 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.32
8.2.0-8.2.28
8.3.0-8.3.22
8.4.0-8.4.9
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.3
|
| CVE-2025-1735 |
|
Cross-Site Request Forgery |
pgsql extension does not check for errors during escaping |
2025-07-05 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.32
8.2.0-8.2.28
8.3.0-8.3.22
8.4.0-8.4.9
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.3
|
| CVE-2025-6491 |
|
XML eXternal Entity injection |
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix%' ORDER BY 1585-- ioVB |
2025-07-05 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.32
8.2.0-8.2.28
8.3.0-8.3.22
8.4.0-8.4.9
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.3
|
| CVE-2024-11235 |
|
Cross-Site Request Forgery |
Reference counting in `php_request_shutdown` causes Use-After-Free.)) AND 5577=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))) AND ((1818=1818 |
2025-03-14 |
8.3.0-8.3.18
|
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.39141469
ZendPHP 8.39627557
|
| CVE-2025-1217 |
|
Cross-Site Request Forgery |
Header parser of `http` stream wrapper does not handle folded headers |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29073829
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1219 |
|
Cross-Site Request Forgery |
libxml streams use wrong content-type header when requesting a redirected resource. |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29145962
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1734 |
|
Cross-Site Request Forgery |
Streams HTTP wrapper does not fail for headers without colon |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29978486
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
