PHP security advisories
3 threat alerts tracking vulnerabilities and security advisories that affect PHP products.
Vulnios continuously monitors PHP CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent PHP security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-11362 — php — php
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffe
critical CVE-2017-11362
Critical Vulnerability: CVE-2017-8923 — php — php
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial
critical CVE-2017-8923
Critical Vulnerability: CVE-2016-5873 — php — pecl_http
Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.
critical CVE-2016-5873