| CVE-2025-38624 |
|
Cross-Site Request Forgery |
kernel: PCI: pnv_php: Clean up allocated IRQs on unplug |
2025-08-22 |
|
|
| CVE-2025-1220 |
|
Cross-Site Request Forgery |
Hostname Null Character Vulnerability |
2025-07-13 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.32
8.2.0-8.2.28
8.3.0-8.3.22
8.4.0-8.4.9
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.3
|
| CVE-2025-1735 |
|
Cross-Site Request Forgery |
pgsql extension does not check for errors during escaping |
2025-07-05 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.32
8.2.0-8.2.28
8.3.0-8.3.22
8.4.0-8.4.9
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.3
|
| CVE-2025-6491 |
|
Cross-Site Request Forgery |
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix |
2025-07-05 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.32
8.2.0-8.2.28
8.3.0-8.3.22
8.4.0-8.4.9
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.3
|
| CVE-2024-11235 |
|
Cross-Site Request Forgery |
Reference counting in `php_request_shutdown` causes Use-After-Free.)) AND 5577=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))) AND ((1818=1818 |
2025-03-14 |
8.3.0-8.3.18
|
ZendPHP 8.3
ZendPHP 8.4
ZendPHP 8.39141469
ZendPHP 8.39627557
|
| CVE-2025-1217 |
|
Cross-Site Request Forgery |
Header parser of `http` stream wrapper does not handle folded headers |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29073829
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1219 |
|
Cross-Site Request Forgery |
libxml streams use wrong content-type header when requesting a redirected resource. |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29145962
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1734 |
|
Remote Code Execution |
Streams HTTP wrapper does not fail for headers without colon |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29978486
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1736 |
|
Cross-Site Request Forgery |
Stream HTTP wrapper header check might omit basic auth header |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 7.29685875
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1861 |
|
Cross-Site Request Forgery |
Stream HTTP wrapper truncate redirect location to 1024 bytes |
2025-03-14 |
7.2.0-7.2.34
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
