CRITICAL9.8CVE-2026-7261SoapServer session-persisted object use-after-free via SOAP header fault from 0, < 8.4.21-1~deb13u1
from 0, < 8.4.21-1~deb13u1
CRITICAL9.8SQL injection in pdo_firebird via NUL bytes in quoted strings
from 0, < 8.4.21-1~deb13u1
CRITICAL9.8Stream HTTP wrapper truncates redirect location to 1024 bytes
from 0, < 8.4.5-1
CRITICAL9.1Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
from 0, < 8.4.21-1~deb13u1
HIGH8.2Heap buffer overflow in array_merge()
from 0, < 8.4.16-1~deb13u1
HIGH8.1Reference counting in php_request_shutdown causes Use-After-Free
from 0, < 8.4.5-1
HIGH7.5DoS attack via DOMNode::C14N()
from 0, < 8.4.21-1~deb13u1
HIGH7.5Signed integer overflow in metaphone()
from 0, < 8.4.21-1~deb13u1
HIGH7.5NULL pointer dereference in SOAP apache:Map decoder with missing <value>
from 0, < 8.4.21-1~deb13u1
HIGH7.5Out-of-bounds read in urldecode() on NetBSD
from 0, < 8.4.21-1~deb13u1
HIGH7.5NULL Pointer Dereference in PDO quoting
from 0, < 8.4.16-1~deb13u1
HIGH7.5Information Leak of Memory in getimagesize
from 0, < 8.4.16-1~deb13u1
HIGH7.5Information Leak of Memory in getimagesize
from 0, < 8.4.16-1~deb13u1
HIGH7.5pgsql extension does not check for errors during escaping
from 0, < 8.4.10-1
HIGH7.3Stream HTTP wrapper header check might omit basic auth header
from 0, < 8.4.5-1
MEDIUM6.5Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
from 0, < 8.4.21-1~deb13u1
MEDIUM6.1XSS within PHP-FPM status endpoint
from 0, < 8.4.21-1~deb13u1
MEDIUM5.9NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
from 0, < 8.4.10-1
MEDIUM5.3Null byte termination in hostnames
from 0, < 8.4.10-1
MEDIUM5.3Streams HTTP wrapper does not fail for headers with invalid name and no colon
from 0, < 8.4.5-1
MEDIUM5.3libxml streams use wrong content-type header when requesting a redirected resource
from 0, < 8.4.5-1
LOW3.1Header parser of http stream wrapper does not handle folded headers
from 0, < 8.4.5-1