Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2015-8874

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call....

Affected Products : leap php
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-8873

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls....

Affected Products : leap php
Published: May. 16, 2016

Modified: Apr. 12, 2025
5.9

MEDIUM

CVE-2015-8838

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to ...

Affected Products : php
Published: May. 16, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2015-8835

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confu...

Affected Products : php
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-6838

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a ...

Affected Products : libxml2 php
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-6837

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a ...

Affected Products : libxml2 php
Published: May. 16, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2015-6835

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted ses...

Affected Products : php
Published: May. 16, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the ...

Affected Products : php
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-5589

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmenta...

Affected Products : php
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-4644

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial...

Affected Products : enterprise_linux php
Published: May. 16, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflo...

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus linux php
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-4642

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line argu...

Affected Products : php windows
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of servi...

Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial o...

Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-4603

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue....

Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-4602

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an une...

Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and ...

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-4600

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confu...

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
10.0

HIGH

CVE-2015-4599

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary cod...

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2015-4598

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save...

Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus php enterprise_linux_hpc_node enterprise_linux_hpc_node_eus
Published: May. 16, 2016

Modified: Apr. 12, 2025

Showing 20 of 292803 Results

Browse by Apps

Latest CVE Feed

7.5

7.5

5.9

9.8

7.5

7.5

9.8

9.8

10.0

7.5

9.8

10.0

7.5

7.5

10.0

10.0

10.0

10.0

10.0

7.5

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable