Browse all 4 CVE security advisories affecting Zend. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Zend is primarily a PHP framework used for developing web applications and services. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from input validation flaws and insecure deserialization. The framework's security posture has been impacted by several critical issues, including a deserialization vulnerability (CVE-2019-6712) that allowed arbitrary code execution and an XSS flaw (CVE-2020-9484) affecting multiple components. While no major public incidents have been widely documented, the consistent appearance of these vulnerability classes in its CVE history suggests ongoing challenges in secure coding practices and input handling within the framework's ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32352 | ZendTo 安全漏洞 — ZendToCWE-843 | 4.8 | Medium | 2025-04-05 |
| CVE-2021-47667 | ZendTo 安全漏洞 — ZendToCWE-78 | 10.0 | Critical | 2025-04-05 |
| CVE-2024-9129 | Format String Injection in Zend Server — Zend ServerCWE-134 | 9.4AI | CriticalAI | 2024-10-22 |
| CVE-2015-0270 | Zend Framework PostgreSQL ZendDb adapter SQL注入漏洞 — Zend Framework | 9.8 | - | 2019-10-25 |
This page lists every published CVE security advisory associated with Zend. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.