pkg:Debian/php8.4

23 total CVEsCRITICAL5HIGH11MEDIUM6LOW1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header fault
    from 0, < 8.4.21-1~deb13u1
  • CRITICAL9.8CVE-2026-6722Use-After-Free in SOAP using Apache map
    from 0, < 8.4.21-1~deb13u1
  • CRITICAL9.8CVE-2025-14179SQL injection in pdo_firebird via NUL bytes in quoted strings
    from 0, < 8.4.21-1~deb13u1
  • CRITICAL9.8CVE-2025-1861Stream HTTP wrapper truncates redirect location to 1024 bytes
    from 0, < 8.4.5-1
  • CRITICAL9.1CVE-2026-6104Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
    from 0, < 8.4.21-1~deb13u1
  • HIGH8.2CVE-2025-14178Heap buffer overflow in array_merge()
    from 0, < 8.4.16-1~deb13u1
  • HIGH8.1CVE-2024-11235Reference counting in php_request_shutdown causes Use-After-Free
    from 0, < 8.4.5-1
  • HIGH7.5CVE-2026-7263DoS attack via DOMNode::C14N()
    from 0, < 8.4.21-1~deb13u1
  • HIGH7.5CVE-2026-7568Signed integer overflow in metaphone()
    from 0, < 8.4.21-1~deb13u1
  • HIGH7.5CVE-2026-7262NULL pointer dereference in SOAP apache:Map decoder with missing <value>
    from 0, < 8.4.21-1~deb13u1
  • HIGH7.5CVE-2026-7258Out-of-bounds read in urldecode() on NetBSD
    from 0, < 8.4.21-1~deb13u1
  • HIGH7.5CVE-2025-14180NULL Pointer Dereference in PDO quoting
    from 0, < 8.4.16-1~deb13u1
  • HIGH7.5CVE-2025-14177Information Leak of Memory in getimagesize
    from 0, < 8.4.16-1~deb13u1
  • HIGH7.5CVE-2025-14177Information Leak of Memory in getimagesize
    from 0, < 8.4.16-1~deb13u1
  • HIGH7.5CVE-2025-1735pgsql extension does not check for errors during escaping
    from 0, < 8.4.10-1
  • HIGH7.3CVE-2025-1736Stream HTTP wrapper header check might omit basic auth header
    from 0, < 8.4.5-1
  • MEDIUM6.5CVE-2026-7259Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
    from 0, < 8.4.21-1~deb13u1
  • MEDIUM6.1CVE-2026-6735XSS within PHP-FPM status endpoint
    from 0, < 8.4.21-1~deb13u1
  • MEDIUM5.9CVE-2025-6491NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
    from 0, < 8.4.10-1
  • MEDIUM5.3CVE-2025-1220Null byte termination in hostnames
    from 0, < 8.4.10-1
  • MEDIUM5.3CVE-2025-1734Streams HTTP wrapper does not fail for headers with invalid name and no colon
    from 0, < 8.4.5-1
  • MEDIUM5.3CVE-2025-1219libxml streams use wrong content-type header when requesting a redirected resource
    from 0, < 8.4.5-1
  • LOW3.1CVE-2025-1217Header parser of http stream wrapper does not handle folded headers
    from 0, < 8.4.5-1