CRITICAL 9.8 | CVE-2026-7261 | SoapServer session-persisted object use-after-free via SOAP header fault | from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.21-1~deb13u1
CRITICAL 9.8 | CVE-2025-14179 | SQL injection in pdo_firebird via NUL bytes in quoted strings | from 0, < 8.4.21-1~deb13u1
CRITICAL 9.8 | CVE-2025-1861 | Stream HTTP wrapper truncates redirect location to 1024 bytes | from 0, < 8.4.5-1
CRITICAL 9.1 | CVE-2026-6104 | Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding | from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.16-1~deb13u1
HIGH 8.1 | CVE-2024-11235 | Reference counting in php_request_shutdown causes Use-After-Free | from 0, < 8.4.5-1
from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.21-1~deb13u1
HIGH 7.5 | CVE-2026-7262 | NULL pointer dereference in SOAP apache:Map decoder with missing <value> | from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.16-1~deb13u1
from 0, < 8.4.16-1~deb13u1
from 0, < 8.4.16-1~deb13u1
HIGH 7.5 | CVE-2025-1735 | pgsql extension does not check for errors during escaping | from 0, < 8.4.10-1
HIGH 7.3 | CVE-2025-1736 | Stream HTTP wrapper header check might omit basic auth header | from 0, < 8.4.5-1
MEDIUM 6.5 | CVE-2026-7259 | Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() | from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.21-1~deb13u1
MEDIUM 5.9 | CVE-2025-6491 | NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix | from 0, < 8.4.10-1
from 0, < 8.4.10-1
MEDIUM 5.3 | CVE-2025-1734 | Streams HTTP wrapper does not fail for headers with invalid name and no colon | from 0, < 8.4.5-1
MEDIUM 5.3 | CVE-2025-1219 | libxml streams use wrong content-type header when requesting a redirected resource | from 0, < 8.4.5-1
LOW 3.1 | CVE-2025-1217 | Header parser of http stream wrapper does not handle folded headers | from 0, < 8.4.5-1