CRITICAL9.8CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header fault from 0, < 8.2.31-1~deb12u1
from 0, < 8.2.31-1~deb12u1
CRITICAL9.8CVE-2025-14179SQL injection in pdo_firebird via NUL bytes in quoted strings from 0, < 8.2.31-1~deb12u1
CRITICAL9.8CVE-2025-1861Stream HTTP wrapper truncates redirect location to 1024 bytes from 0, < 8.2.28-1~deb12u1
CRITICAL9.8CVE-2024-11236Integer overflow in the firebird and dblib quoters causing OOB writes from 0, < 8.2.26-1~deb12u1
from 0, < 8.2.26-1~deb12u1
CRITICAL9.8CVE-2023-3824Buffer overflow and overread in phar_dir_read() from 0, < 8.2.18-1~deb12u1
from 0, < 8.2.1-1
HIGH8.8CVE-2024-8926PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) from 0, < 8.2.24-1~deb12u1
from 0, < 8.2.30-1~deb12u1
HIGH8.2CVE-2024-11233Single byte overread with convert.quoted-printable-decode filter from 0, < 8.2.26-1~deb12u1
HIGH8.2CVE-2024-11233Single byte overread with convert.quoted-printable-decode filter from 0, < 8.2.26-1~deb12u1
from 0, < 8.2.4-1
from 0, < 8.2.31-1~deb12u1
HIGH7.5CVE-2026-7262NULL pointer dereference in SOAP apache:Map decoder with missing <value> from 0, < 8.2.31-1~deb12u1
from 0, < 8.2.31-1~deb12u1
from 0, < 8.2.30-1~deb12u1
from 0, < 8.2.30-1~deb12u1
from 0, < 8.2.30-1~deb12u1
HIGH7.5CVE-2025-1735pgsql extension does not check for errors during escaping from 0, < 8.2.29-1~deb12u1
HIGH7.5CVE-2024-8927cgi.force_redirect configuration is bypassable due to the environment variable collision from 0, < 8.2.24-1~deb12u1
HIGH7.5CVE-2023-3823Security issue with external entity loading in XML without enabling it from 0, < 8.2.18-1~deb12u1
HIGH7.5CVE-2023-3823Security issue with external entity loading in XML without enabling it from 0, < 8.2.18-1~deb12u1
HIGH7.5CVE-2023-0662DoS vulnerability when parsing multipart request body from 0, < 8.2.4-1
HIGH7.3CVE-2025-1736Stream HTTP wrapper header check might omit basic auth header from 0, < 8.2.28-1~deb12u1
HIGH7.2CVE-2024-11234Configuring a proxy in a stream context might allow for CRLF injection in URIs from 0, < 8.2.26-1~deb12u1
MEDIUM6.5CVE-2026-7259Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() from 0, < 8.2.31-1~deb12u1
MEDIUM6.5CVE-2024-3096PHP function password_verify can erroneously return true when argument contains NUL from 0, < 8.2.18-1~deb12u1
MEDIUM6.5CVE-2024-2756__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix from 0, < 8.2.18-1~deb12u1
MEDIUM6.2CVE-2023-0567password_verify() always returns true for some invalid hashes from 0, < 8.2.4-1
from 0, < 8.2.31-1~deb12u1
MEDIUM5.9CVE-2025-6491NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix from 0, < 8.2.29-1~deb12u1
from 0, < 8.2.18-1
MEDIUM5.8CVE-2024-8929Leak partial content of the heap through heap buffer over-read in mysqlnd from 0, < 8.2.26-1~deb12u1
from 0, < 8.2.29-1~deb12u1
from 0, < 8.2.29-1~deb12u1
MEDIUM5.3CVE-2025-1734Streams HTTP wrapper does not fail for headers with invalid name and no colon from 0, < 8.2.28-1~deb12u1
MEDIUM5.3CVE-2025-1219libxml streams use wrong content-type header when requesting a redirected resource from 0, < 8.2.28-1~deb12u1
from 0, < 8.2.24-1~deb12u1
from 0, < 8.2.24-1~deb12u1
MEDIUM5.3CVE-2024-5458Filter bypass in filter_var (FILTER_VALIDATE_URL) from 0, < 8.2.20-1~deb12u1
MEDIUM5.3CVE-2024-5458Filter bypass in filter_var (FILTER_VALIDATE_URL) from 0, < 8.2.20-1~deb12u1
MEDIUM4.3CVE-2023-3247Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP from 0, < 8.2.7-1~deb12u1
MEDIUM4.3CVE-2023-3247Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP from 0, < 8.2.7-1~deb12u1
from 0, < 8.2.24-1~deb12u1
LOW3.1CVE-2025-1217Header parser of http stream wrapper does not handle folded headers from 0, < 8.2.28-1~deb12u1
LOW3.1CVE-2025-1217Header parser of http stream wrapper does not handle folded headers from 0, < 8.2.28-1~deb12u1