Browse all 4 CVE security advisories affecting PHP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PHP serves as a server-side scripting language primarily for web application development, powering dynamic content generation and database interactions. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insecure coding practices and insufficient input validation. While the current four CVEs indicate relatively low recent vulnerability counts, past incidents like the catastrophic RCE flaws in versions 4.3.9 and earlier demonstrate how misconfigurations and outdated implementations can lead to significant compromises. Its open-source nature allows for rapid patching, but legacy systems remain vulnerable, emphasizing the need for regular updates and secure coding practices to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24895 | FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files — frankenphpCWE-180 | 8.2AI | HighAI | 2026-02-12 |
| CVE-2026-24894 | FrankenPHP leaks session data between requests in worker mode — frankenphpCWE-269 | 5.9AI | MediumAI | 2026-02-12 |
| CVE-2014-3622 | PHP Posthandler 资源管理错误漏洞 — PHP | 9.8 | - | 2020-02-19 |
| CVE-2019-11043 | Underflow in PHP-FPM can lead to RCE — PHPCWE-120 | 8.7 | High | 2019-10-28 |
This page lists every published CVE security advisory associated with PHP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.