Download
| Alert*
|
CVE-2022-4900
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. CVE-2024-2756 Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host-��or __Secure-��cookie by PHP applications.�� CVE-2024-3096 In PHP�� version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if��a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. |
