PHP Security Vulnerabilities (CVEs)

Track 26 security vulnerabilities affecting PHP products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

11 Critical
10 High
5 Medium
CVE-2026-24894 7.5

This vulnerability in FrankenPHP worker mode allows session data from one user's request to be accessible to another user's request processed by the s...

Feb 12, 2026
CVE-2026-24895 9.8

This vulnerability in FrankenPHP allows an attacker to manipulate Unicode characters in request paths to cause the server to execute unintended PHP fi...

Feb 12, 2026
CVE-2025-14177 7.5

This CVE describes an information disclosure vulnerability in PHP's getimagesize() function where uninitialized heap memory can leak into image metada...

Dec 27, 2025
CVE-2025-14178 6.5

A heap buffer overflow vulnerability in PHP's array_merge() function allows memory corruption when merging large packed arrays. This affects PHP serve...

Dec 27, 2025
CVE-2025-14180 7.5

This vulnerability in PHP's PDO PostgreSQL driver causes a null pointer dereference when using prepared statements with invalid character sequences, l...

Dec 27, 2025
CVE-2025-1735 5.9

This vulnerability in PHP's PostgreSQL extensions (pgsql and pdo_pgsql) fails to properly handle errors when escaping strings for database queries. If...

Jul 13, 2025
CVE-2025-1736 7.3

This CVE describes an insufficient validation vulnerability in PHP's header handling that could allow attackers to manipulate HTTP headers. When user-...

Mar 30, 2025
CVE-2025-1861 9.8

This CVE describes a buffer size limitation vulnerability in PHP's HTTP redirect parsing. When PHP processes HTTP redirect responses, it truncates loc...

Mar 30, 2025
CVE-2025-1219 5.3

This vulnerability in PHP's DOM and SimpleXML extensions causes incorrect charset detection when processing HTTP resources that redirect, potentially ...

Mar 30, 2025
CVE-2022-31631 9.1

This vulnerability in PHP's PDO::quote() function for SQLite allows SQL injection when processing overly long user-supplied strings. It affects PHP ap...

Feb 12, 2025
CVE-2024-11236 9.8

This vulnerability allows attackers to cause an integer overflow in PHP's ldap_escape() function on 32-bit systems by providing long string inputs, le...

Nov 24, 2024
CVE-2024-11234 4.8

This PHP vulnerability allows attackers to perform HTTP request smuggling when using streams with proxy configurations and the 'request_fulluri' optio...

Nov 24, 2024
CVE-2024-8929 5.8

A memory disclosure vulnerability in PHP's MySQL client allows a malicious MySQL server to read heap memory from the client. This could expose sensiti...

Nov 22, 2024
CVE-2024-8932 9.8

This vulnerability allows attackers to cause an integer overflow in PHP's ldap_escape() function on 32-bit systems by providing long string inputs, le...

Nov 22, 2024
CVE-2024-8926 8.1

This CVE allows command injection in PHP on Windows systems with specific non-standard codepage configurations, bypassing previous CVE-2024-4577 fixes...

Oct 8, 2024
CVE-2024-4577 9.8

This is a critical PHP CGI argument injection vulnerability affecting Windows servers running Apache with PHP-CGI. It allows attackers to bypass prote...

Jun 9, 2024
CVE-2024-5585 7.7

This vulnerability allows remote command execution on Windows systems when using PHP's proc_open() function with array syntax. An attacker can inject ...

Jun 9, 2024
CVE-2024-2757 7.5

This vulnerability in PHP's mb_encode_mimeheader() function causes infinite loops when processing specific input patterns, leading to denial of servic...

Apr 29, 2024
CVE-2024-1874 9.4

This vulnerability allows remote command execution on Windows systems running vulnerable PHP versions. When using proc_open() with array syntax, insuf...

Apr 29, 2024
CVE-2024-3566 9.8

CVE-2024-3566 is a command injection vulnerability affecting Windows applications that use CreateProcess function with improper argument quoting. Atta...

Apr 10, 2024
CVE-2023-3824 9.4

This CVE describes a stack buffer overflow vulnerability in PHP's PHAR file handling that could lead to memory corruption or remote code execution. It...

Aug 11, 2023
CVE-2023-0567 7.7

A vulnerability in PHP's password_verify() function allows invalid Blowfish password hashes to be accepted as valid. This could enable authentication ...

Mar 1, 2023
CVE-2023-0568 7.5

A buffer overflow vulnerability in PHP's path resolution function allows writing a null byte beyond allocated memory when processing paths near system...

Feb 16, 2023
CVE-2022-31626 7.5

This CVE describes a buffer overflow vulnerability in PHP's pdo_mysql extension with mysqlnd driver when connecting with an excessively long password....

Jun 16, 2022
CVE-2022-27157 9.8

CVE-2022-27157 is a weak password recovery mechanism vulnerability in pearweb that allows attackers to reset passwords without proper authentication. ...

Apr 15, 2022
CVE-2022-26635 9.8

CVE-2022-26635 is an improper NULL termination vulnerability in PHP-Memcached v2.2.0 and below that allows attackers to execute CRLF injection attacks...

Apr 5, 2022

Why Monitor PHP Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting PHP products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable PHP packages in under 60 seconds. No agents are required: scanning is completely agentless and works across PHP deployments.

Free vulnerability database: Access detailed information about every PHP CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new PHP CVEs affect your systems
  • Access a dashboard with severity breakdown and fix instructions