CRITICAL9.8CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header fault from 0, < 8.2.31-1~deb12u1
from 0, < 8.2.31-1~deb12u1
CRITICAL9.8SQL injection in pdo_firebird via NUL bytes in quoted strings
from 0, < 8.2.31-1~deb12u1
CRITICAL9.8Stream HTTP wrapper truncates redirect location to 1024 bytes
from 0, < 8.2.28-1~deb12u1
CRITICAL9.8Integer overflow in the firebird and dblib quoters causing OOB writes
from 0, < 8.2.26-1~deb12u1
CRITICAL9.8OOB access in ldap_escape
from 0, < 8.2.26-1~deb12u1
CRITICAL9.8Buffer overflow and overread in phar_dir_read()
from 0, < 8.2.18-1~deb12u1
CRITICAL9.1php7.4 - security update
from 0, < 8.2.1-1
HIGH8.8PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
from 0, < 8.2.24-1~deb12u1
HIGH8.2php7.4 - security update
from 0, < 8.2.30-1~deb12u1
HIGH8.2php8.2 - security update
from 0, < 8.2.26-1~deb12u1
HIGH8.2php8.2 - security update
from 0, < 8.2.26-1~deb12u1
HIGH8.1Array overrun in common path resolve code
from 0, < 8.2.4-1
HIGH7.5Signed integer overflow in metaphone()
from 0, < 8.2.31-1~deb12u1
HIGH7.5NULL pointer dereference in SOAP apache:Map decoder with missing <value>
from 0, < 8.2.31-1~deb12u1
HIGH7.5Out-of-bounds read in urldecode() on NetBSD
from 0, < 8.2.31-1~deb12u1
HIGH7.5NULL Pointer Dereference in PDO quoting
from 0, < 8.2.30-1~deb12u1
HIGH7.5php8.2 - security update
from 0, < 8.2.30-1~deb12u1
HIGH7.5php8.2 - security update
from 0, < 8.2.30-1~deb12u1
HIGH7.5pgsql extension does not check for errors during escaping
from 0, < 8.2.29-1~deb12u1
HIGH7.5cgi.force_redirect configuration is bypassable due to the environment variable collision
from 0, < 8.2.24-1~deb12u1
HIGH7.5php8.2 - security update
from 0, < 8.2.18-1~deb12u1
HIGH7.5php8.2 - security update
from 0, < 8.2.18-1~deb12u1
HIGH7.5DoS vulnerability when parsing multipart request body
from 0, < 8.2.4-1
HIGH7.3Stream HTTP wrapper header check might omit basic auth header
from 0, < 8.2.28-1~deb12u1
HIGH7.2Configuring a proxy in a stream context might allow for CRLF injection in URIs
from 0, < 8.2.26-1~deb12u1
MEDIUM6.5Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
from 0, < 8.2.31-1~deb12u1
MEDIUM6.5PHP function password_verify can erroneously return true when argument contains NUL
from 0, < 8.2.18-1~deb12u1
MEDIUM6.5php7.3 - security update
from 0, < 8.2.18-1~deb12u1
MEDIUM6.2password_verify() always returns true for some invalid hashes
from 0, < 8.2.4-1
MEDIUM6.1XSS within PHP-FPM status endpoint
from 0, < 8.2.31-1~deb12u1
MEDIUM5.9NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
from 0, < 8.2.29-1~deb12u1
MEDIUM5.9PHP is vulnerable to the Marvin Attack
from 0, < 8.2.18-1
MEDIUM5.8Leak partial content of the heap through heap buffer over-read in mysqlnd
from 0, < 8.2.26-1~deb12u1
MEDIUM5.3php8.2 - security update
from 0, < 8.2.29-1~deb12u1
MEDIUM5.3php8.2 - security update
from 0, < 8.2.29-1~deb12u1
MEDIUM5.3Streams HTTP wrapper does not fail for headers with invalid name and no colon
from 0, < 8.2.28-1~deb12u1
MEDIUM5.3libxml streams use wrong content-type header when requesting a redirected resource
from 0, < 8.2.28-1~deb12u1
MEDIUM5.3php8.2 - security update
from 0, < 8.2.24-1~deb12u1
MEDIUM5.3php8.2 - security update
from 0, < 8.2.24-1~deb12u1
MEDIUM5.3php8.2 - security update
from 0, < 8.2.20-1~deb12u1
MEDIUM5.3php8.2 - security update
from 0, < 8.2.20-1~deb12u1
MEDIUM4.3php8.2 - security update
from 0, < 8.2.7-1~deb12u1
MEDIUM4.3php8.2 - security update
from 0, < 8.2.7-1~deb12u1
LOW3.3PHP-FPM logs from children may be altered
from 0, < 8.2.24-1~deb12u1
LOW3.1php8.2 - security update
from 0, < 8.2.28-1~deb12u1
LOW3.1php8.2 - security update
from 0, < 8.2.28-1~deb12u1