Web Development

In PHP versions 1.0 a low severity vulnerability CVE-2026-5106 was detected. A flaw in the admin update file /admin/update_fst.php allows an unknown function-level issue that could be exploited to manipulate exam form submissions. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5106.

In PHP versions 8.1 before 8.1.34, 8.2 before 8.2.30, 8.3 before 8.3.29, and 8.4 before 8.4.16 a high severity vulnerability CVE-2025-14180 was detected. This vulnerability affects the PDO PostgreSQL driver when PDO::ATTR_EMULATE_PREPARES is enabled and may lead to a null pointer dereference caused by invalid character sequences in prepared statement parameters, resulting in server crashes and reduced availability. To address this issue, users should upgrade to PHP version 8.1.34, 8.2.30, 8.3.29, 8.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14180.

In PHP versions 8.1 before 8.1.34, 8.2 before 8.2.30, 8.3 before 8.3.29, 8.4 before 8.4.16, and 8.5 before 8.5.1 a medium severity vulnerability CVE-2025-14178 was detected. This vulnerability affects the array_merge() function and may lead to memory corruption or crashes due to a heap buffer overflow when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE. To address this issue, users should upgrade to PHP version 8.1.34, 8.2.30, 8.3.29, 8.4.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14178.

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* a medium severity vulnerability CVE-2025-1735 was detected. This vulnerability is caused by improper error handling in the pgsql and pdo_pgsql escaping functions, which fail to check for errors returned by the underlying quoting mechanisms, potentially leading to crashes if the PostgreSQL server rejects an invalid string. To address this issue, users should upgrade PHP to versions 8.1.33, 8.2.29, 8.3.23 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1735.

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23 and 8.4.* before 8.4.10 a medium severity vulnerability CVE-2025-6491 was detected. This vulnerability allows attackers to cause a null pointer dereference by parsing XML data with an overly large (>2GB) XML namespace prefix in SOAP extensions, potentially leading to crashes and impacting server availability. To address this issue, users should upgrade PHP to versions 8.1.33, 8.2.29, 8.3.23 or 8.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6491.

In PHP versions from 8.3.0 to before 8.3.19 and from 8.4.0 to before 8.4.5 a critical severity vulnerability CVE-2024-11235 was detected. This vulnerability allows attackers to run code remotely by triggering a memory bug with certain code and inputs. To address this issue, users should upgrade PHP to versions 8.3.19 or 8.4.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11235.

In PHP versions up to 8.1.31, 8.2.27, 8.3.18 and 8.4.4 a medium severity vulnerability CVE-2025-1219 was detected. This vulnerability allows incorrect parsing of documents or bypassing of validations due to the wrong content-type header being used to determine the charset during HTTP redirects. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1219.

In PHP versions up to 8.1.31, 8.2.27, 8.3.18 and 8.4.4 a medium severity vulnerability CVE-2025-1734 was detected. This vulnerability allows invalid headers, specifically those missing a colon (:), to be incorrectly treated as valid headers, potentially leading to unexpected behavior or security vulnerabilities such as header injection attacks. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1734.

In PHP versions 8.1.* before 8.1.32, 8.2.* before 8.2.28, 8.3.* before 8.3.19 and 8.4.* before 8.4.5 a medium severity vulnerability CVE-2025-1217 was detected. This vulnerability causes incorrect parsing of folded HTTP headers in the HTTP request module, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1217.