CVE | Severity | Type | Subject | Date | Affected Versions | Fixed Products
CVE-2025-1217 | Low

Cross-Site Request Forgery

Header parser of `http` stream wrapper does not handle folded headers

2025-03-14

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
CVE-2025-1219 | Low

Cross-Site Request Forgery

libxml streams use wrong content-type header when requesting a redirected resource.

2025-03-14

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
CVE-2025-1734 | High

Cross-Site Request Forgery

Streams HTTP wrapper does not fail for headers without colon

2025-03-14

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
CVE-2025-1736 | Moderate

Denial of Service

Stream HTTP wrapper header check might omit basic auth header

2025-03-14

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
CVE-2025-1861 | Critical

Cross-Site Request Forgery

Stream HTTP wrapper truncate redirect location to 1024 bytes

2025-03-14

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
CVE-2024-11233 | Moderate

Information Disclosure

Single byte overread with convert.quoted-printable-decode filter

2024-11-23

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
CVE-2024-11234 | Moderate

Cross-Site Request Forgery

Configuring a proxy in a stream context might allow for CRLF injection in URIs

2024-11-23

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
CVE-2024-11236 | Critical

Cross-Site Request Forgery

Integer overflow in the dblib quoter causing OOB writes

2024-11-23

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
CVE-2024-8929 | Moderate

Information Disclosure

Leak partial content of the heap through heap buffer over-read

2024-11-22

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
CVE-2024-8932 | Critical

Cross-Site Request Forgery

php: OOB access in ldap_escape

2024-11-22

7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3