Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/935086?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "type": "deb", "namespace": "debian", "name": "php7.4", "version": "7.4.33-1+deb11u5", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "7.4.33-1+deb11u6", "latest_non_vulnerable_version": "7.4.33-1+deb11u10", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50872?format=api", "vulnerability_id": "VCID-11jg-tu1t-abh6", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94668", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94627", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94638", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15416", "scoring_system": 
"epss", "scoring_elements": "0.94647", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94651", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94659", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94662", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.15416", "scoring_system": "epss", "scoring_elements": "0.94667", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/11" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2133687", "reference_id": "2133687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133687" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/", "reference_id": "2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/" }, { "reference_url": "https://bugs.php.net/bug.php?id=81727", "reference_id": "bug.php?id=81727", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://bugs.php.net/bug.php?id=81727" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5277", "reference_id": "dsa-5277", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5277" }, { "reference_url": "https://security.gentoo.org/glsa/202211-03", "reference_id": "GLSA-202211-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://security.gentoo.org/glsa/202211-03" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/", "reference_id": "KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/", "reference_id": "LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221209-0001/", "reference_id": "ntap-20221209-0001", "reference_type": 
"", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221209-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0848", "reference_id": "RHSA-2023:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0965", "reference_id": "RHSA-2023:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2417", "reference_id": "RHSA-2023:2417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2903", "reference_id": "RHSA-2023:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2903" }, { "reference_url": "https://usn.ubuntu.com/5717-1/", "reference_id": "USN-5717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5717-1/" }, { "reference_url": "https://usn.ubuntu.com/5905-1/", "reference_id": "USN-5905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5905-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/", "reference_id": "VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/", "reference_id": "XNIEABBH5XCXLFWWZYIDE457SPEDZTXV", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/", "reference_id": "ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:53:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935099?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31629" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11jg-tu1t-abh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72687?format=api", "vulnerability_id": "VCID-1re1-15w4-cqeq", "summary": "php: Leak partial content of the heap through heap buffer over-read in mysqlnd", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8929.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8929.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71253", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71199", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71169", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71221", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00663", "scoring_system": "epss", "scoring_elements": "0.71163", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.00663", "scoring_system": "epss", "scoring_elements": "0.71176", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71584", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688", "reference_id": "1088688", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327960", "reference_id": "2327960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327960" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678", "reference_id": "GHSA-h35g-vwh6-m678", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-22T17:37:12Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7157-1/", "reference_id": "USN-7157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-1/" }, { "reference_url": "https://usn.ubuntu.com/7157-3/", "reference_id": "USN-7157-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935103?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u7%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-8929" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": 
"5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1re1-15w4-cqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65493?format=api", "vulnerability_id": "VCID-26ab-3bt8-jkf3", "summary": "php: heap-based buffer overflow in array_merge()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05863", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06081", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05895", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05905", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06057", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05889", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05927", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05947", "published_at": "2026-04-11T12:55:00Z" }, { 
"value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05938", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05929", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574", "reference_id": "1123574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425625", "reference_id": "2425625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425625" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2", "reference_id": "GHSA-h96m-rvf9-jgm2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:00:50Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1169", "reference_id": "RHSA-2026:1169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1169" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:1185", "reference_id": "RHSA-2026:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1187", "reference_id": "RHSA-2026:1187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1190", "reference_id": "RHSA-2026:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1429", "reference_id": "RHSA-2026:1429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1628", "reference_id": "RHSA-2026:1628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2799", "reference_id": "RHSA-2026:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4077", "reference_id": "RHSA-2026:4077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4077" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:4086", "reference_id": "RHSA-2026:4086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4212", "reference_id": "RHSA-2026:4212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4266", "reference_id": "RHSA-2026:4266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4507", "reference_id": "RHSA-2026:4507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4514", "reference_id": "RHSA-2026:4514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4517", "reference_id": "RHSA-2026:4517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7614", "reference_id": "RHSA-2026:7614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7614" }, { "reference_url": "https://usn.ubuntu.com/7953-1/", "reference_id": "USN-7953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935106?format=api", "purl": 
"pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u10?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u10%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-14178" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26ab-3bt8-jkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43015?format=api", "vulnerability_id": "VCID-2adj-dp22-xyeb", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7062.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78485", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78491", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78505", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78537", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", 
"scoring_elements": "0.78562", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78544", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78536", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78564", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78563", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.7856", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78592", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808532", "reference_id": "1808532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808532" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4330-1/", "reference_id": "USN-4330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935090?format=api", "purl": "pkg:deb/debian/php7.4@7.4.3-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.3-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7062" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2adj-dp22-xyeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50873?format=api", "vulnerability_id": "VCID-2dg4-b7g9-eubx", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31630.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18619", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18462", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18471", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18493", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18765", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", 
"scoring_system": "epss", "scoring_elements": "0.18482", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18615", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1852", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20211", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2054", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139280", "reference_id": "2139280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139280" }, { "reference_url": "https://security.gentoo.org/glsa/202211-03", "reference_id": "GLSA-202211-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202211-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0848", "reference_id": "RHSA-2023:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0965", "reference_id": "RHSA-2023:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2417", "reference_id": "RHSA-2023:2417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2903", "reference_id": "RHSA-2023:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2903" }, { "reference_url": "https://usn.ubuntu.com/5717-1/", "reference_id": "USN-5717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935099?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31630" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dg4-b7g9-eubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48773?format=api", "vulnerability_id": "VCID-2tux-e678-hubz", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31627.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31627.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39782", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39755", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39779", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39743", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", 
"scoring_system": "epss", "scoring_elements": "0.39727", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39777", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39748", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39484", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31627" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107018", "reference_id": "2107018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107018" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://usn.ubuntu.com/5530-1/", "reference_id": "USN-5530-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5530-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": 
"pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31627" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tux-e678-hubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42017?format=api", "vulnerability_id": "VCID-2yrz-qpqj-9ugn", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7071.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91421", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91494", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.9149", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91437", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91445", 
"published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.91472", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07003", "scoring_system": "epss", "scoring_elements": "0.9147", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913846", "reference_id": "1913846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913846" }, { "reference_url": "https://security.archlinux.org/ASA-202101-9", "reference_id": "ASA-202101-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-9" }, { "reference_url": "https://security.archlinux.org/AVG-1415", "reference_id": "AVG-1415", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1415" }, { "reference_url": "https://security.gentoo.org/glsa/202105-23", "reference_id": "GLSA-202105-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2992", "reference_id": "RHSA-2021:2992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4213", "reference_id": "RHSA-2021:4213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4213" }, { "reference_url": "https://usn.ubuntu.com/5006-1/", "reference_id": "USN-5006-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-1/" }, { "reference_url": "https://usn.ubuntu.com/5006-2/", "reference_id": "USN-5006-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935093?format=api", "purl": "pkg:deb/debian/php7.4@7.4.14-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.14-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7071" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yrz-qpqj-9ugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76926?format=api", "vulnerability_id": "VCID-32yk-5b4h-4bfv", "summary": "php: Fail to Escape Arguments Properly in Microsoft Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1874.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98394", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98415", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98412", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98407", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": 
"0.984", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.63376", "scoring_system": "epss", "scoring_elements": "0.98397", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1874" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267262", "reference_id": "2267262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267262" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7", "reference_id": "GHSA-pc52-254m-w9w7", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0009/", "reference_id": "ntap-20240510-0009", "reference_type": "", "scores": [ { 
"value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0009/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "reference_id": "PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "reference_id": "W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": 
"pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-1874" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32yk-5b4h-4bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72685?format=api", "vulnerability_id": "VCID-341r-8amt-z7dr", "summary": "php: Configuring a proxy in a stream context might allow for CRLF injection in URIs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01153", "scoring_system": "epss", "scoring_elements": "0.78571", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01153", "scoring_system": "epss", "scoring_elements": "0.78514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01153", "scoring_system": "epss", "scoring_elements": "0.78539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01153", "scoring_system": "epss", "scoring_elements": "0.78521", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01153", "scoring_system": "epss", "scoring_elements": "0.78541", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01153", "scoring_system": "epss", "scoring_elements": "0.78538", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01559", "scoring_system": "epss", "scoring_elements": "0.81434", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "0.01559", "scoring_system": "epss", "scoring_elements": "0.81462", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02098", "scoring_system": "epss", "scoring_elements": "0.83996", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02098", "scoring_system": "epss", "scoring_elements": "0.84011", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688", "reference_id": "1088688", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328523", "reference_id": "2328523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328523" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2", "reference_id": "GHSA-c5f2-jwm7-mmq2", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-24T12:32:39Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7157-1/", "reference_id": "USN-7157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-1/" }, { "reference_url": "https://usn.ubuntu.com/7157-3/", "reference_id": "USN-7157-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935103?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u7%3Fdistro=bullseye" } ], "aliases": [ 
"CVE-2024-11234" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-341r-8amt-z7dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43016?format=api", "vulnerability_id": "VCID-3xsn-r6dz-rfbv", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7063.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53498", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53517", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53567", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53563", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53613", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53596", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53578", 
"published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53615", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5362", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53604", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53566", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808536", "reference_id": "1808536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808536" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4330-1/", "reference_id": "USN-4330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935090?format=api", "purl": "pkg:deb/debian/php7.4@7.4.3-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.3-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7063" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xsn-r6dz-rfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65494?format=api", "vulnerability_id": "VCID-46m1-33z3-ruhk", "summary": "php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10123", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1004", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10018", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10147", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10127", "published_at": 
"2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10167", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574", "reference_id": "1123574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425627", "reference_id": "2425627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425627" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj", "reference_id": "GHSA-8xr5-qppj-gvwj", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T15:59:59Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1169", "reference_id": "RHSA-2026:1169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1169" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:1185", "reference_id": "RHSA-2026:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1187", "reference_id": "RHSA-2026:1187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1190", "reference_id": "RHSA-2026:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1429", "reference_id": "RHSA-2026:1429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1628", "reference_id": "RHSA-2026:1628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7614", "reference_id": "RHSA-2026:7614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7614" }, { "reference_url": "https://usn.ubuntu.com/7953-1/", "reference_id": "USN-7953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7953-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-14180" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46m1-33z3-ruhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35779?format=api", "vulnerability_id": "VCID-53h9-y2ns-jfh1", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63645", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63616", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63653", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63662", 
"published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63596", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63622", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63581", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63633", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63649", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63664", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317051", "reference_id": "2317051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317051" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp", "reference_id": "GHSA-94p6-54jq-9mwp", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:50:40Z/" 
} ], "url": "https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp" }, { "reference_url": "https://security.gentoo.org/glsa/202501-11", "reference_id": "GLSA-202501-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10949", "reference_id": "RHSA-2024:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10950", "reference_id": "RHSA-2024:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10951", "reference_id": "RHSA-2024:10951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://usn.ubuntu.com/7049-1/", "reference_id": "USN-7049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-1/" }, { "reference_url": "https://usn.ubuntu.com/7049-2/", "reference_id": "USN-7049-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-2/" }, { "reference_url": "https://usn.ubuntu.com/7049-3/", "reference_id": "USN-7049-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": 
[], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935101?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u6%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-8927" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53h9-y2ns-jfh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42468?format=api", "vulnerability_id": "VCID-5jts-46jw-tfdp", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5585.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75347", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75234", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75276", "published_at": "2026-04-08T12:55:00Z" }, { 
"value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75308", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75321", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00874", "scoring_system": "epss", "scoring_elements": "0.75312", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5585" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291311", "reference_id": "2291311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291311" }, { "reference_url": 
"https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385", "reference_id": "GHSA-9fcc-425m-g385", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240726-0002/", "reference_id": "ntap-20240726-0002", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240726-0002/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "reference_id": "PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "reference_id": "W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK", "reference_type": "", "scores": 
[ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-5585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jts-46jw-tfdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35780?format=api", "vulnerability_id": "VCID-6g29-te13-kucu", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9026.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", 
"scoring_system": "epss", "scoring_elements": "0.75239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75202", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75206", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75212", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75134", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75168", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.7518", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317144", "reference_id": "2317144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317144" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5", 
"reference_id": "GHSA-865w-9rf3-2wh5", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:47:58Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5" }, { "reference_url": "https://security.gentoo.org/glsa/202501-11", "reference_id": "GLSA-202501-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10949", "reference_id": "RHSA-2024:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10950", "reference_id": "RHSA-2024:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10951", "reference_id": "RHSA-2024:10951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://usn.ubuntu.com/7049-1/", "reference_id": "USN-7049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935101?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u6%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-9026" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6g29-te13-kucu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72686?format=api", "vulnerability_id": "VCID-7151-69v8-cqaj", "summary": "php: Integer overflow in the firebird and dblib quoters causing OOB writes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.556", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55653", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00327", 
"scoring_system": "epss", "scoring_elements": "0.55665", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55645", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55628", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63368", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63391", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63387", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63383", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688", "reference_id": "1088688", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328522", "reference_id": "2328522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328522" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv", "reference_id": 
"GHSA-5hqh-c84r-qjcv", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-24T12:32:23Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv" }, { "reference_url": "https://usn.ubuntu.com/7153-1/", "reference_id": "USN-7153-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7153-1/" }, { "reference_url": "https://usn.ubuntu.com/7157-1/", "reference_id": "USN-7157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935103?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u7%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-11236" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7151-69v8-cqaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42009?format=api", "vulnerability_id": "VCID-7mcr-tsd2-tkf2", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7070.json", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96253", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.9626", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96265", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96274", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96277", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96285", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96294", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96298", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.26088", "scoring_system": "epss", "scoring_elements": "0.96281", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27653", "scoring_system": "epss", "scoring_elements": "0.96453", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.29078", "scoring_system": "epss", "scoring_elements": "0.96595", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885738", "reference_id": "1885738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885738" }, { "reference_url": "https://security.gentoo.org/glsa/202012-16", "reference_id": "GLSA-202012-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2992", "reference_id": "RHSA-2021:2992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4213", "reference_id": "RHSA-2021:4213", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4213" }, { "reference_url": "https://usn.ubuntu.com/4583-1/", "reference_id": "USN-4583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4583-1/" }, { "reference_url": "https://usn.ubuntu.com/4583-2/", "reference_id": "USN-4583-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4583-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935092?format=api", "purl": "pkg:deb/debian/php7.4@7.4.11-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.11-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7070" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mcr-tsd2-tkf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68810?format=api", "vulnerability_id": "VCID-7qqj-hp6m-z7bh", "summary": "php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", 
"scoring_system": "epss", "scoring_elements": "0.45447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48623", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48618", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48569", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48587", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4856", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2378690", "reference_id": "2378690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378690" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x", "reference_id": "GHSA-453j-q27h-5p8x", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:59:51Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23309", "reference_id": "RHSA-2025:23309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7648-1/", "reference_id": "USN-7648-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-1/" }, { "reference_url": "https://usn.ubuntu.com/7648-2/", "reference_id": "USN-7648-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935105?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u9?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u9%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-6491" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqj-hp6m-z7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48767?format=api", "vulnerability_id": "VCID-8kna-v21h-qfb5", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21704.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35369", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.3523", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35518", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35568", 
"published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35522", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35546", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35555", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35511", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35528", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978790", "reference_id": "1978790", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1978790" }, { "reference_url": "https://security.archlinux.org/ASA-202107-15", "reference_id": "ASA-202107-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-15" }, { "reference_url": "https://security.archlinux.org/AVG-2132", "reference_id": "AVG-2132", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2132" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://usn.ubuntu.com/5006-1/", "reference_id": "USN-5006-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-1/" }, { "reference_url": "https://usn.ubuntu.com/5006-2/", "reference_id": "USN-5006-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935096?format=api", "purl": "pkg:deb/debian/php7.4@7.4.21-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.21-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21704" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kna-v21h-qfb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48768?format=api", "vulnerability_id": 
"VCID-99r7-s4va-3kes", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52706", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52772", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52755", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52673", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.527", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52664", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52709", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52742", "published_at": "2026-04-12T12:55:00Z" }, { "value": 
"0.00294", "scoring_system": "epss", "scoring_elements": "0.52726", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52765", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978755", "reference_id": "1978755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978755" }, { "reference_url": "https://security.archlinux.org/ASA-202107-15", "reference_id": "ASA-202107-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-15" }, { "reference_url": "https://security.archlinux.org/AVG-2132", "reference_id": "AVG-2132", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2132" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2992", 
"reference_id": "RHSA-2021:2992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1935", "reference_id": "RHSA-2022:1935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1935" }, { "reference_url": "https://usn.ubuntu.com/5006-1/", "reference_id": "USN-5006-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-1/" }, { "reference_url": "https://usn.ubuntu.com/5006-2/", "reference_id": "USN-5006-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935096?format=api", "purl": "pkg:deb/debian/php7.4@7.4.21-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.21-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21705" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99r7-s4va-3kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72684?format=api", "vulnerability_id": "VCID-9byf-ymwr-eug8", "summary": "php: Single byte overread with convert.quoted-printable-decode filter", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72709", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72665", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72676", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72667", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72577", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72627", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72623", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233" }, 
{ "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688", "reference_id": "1088688", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328521", "reference_id": "2328521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328521" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43", "reference_id": "GHSA-r977-prxv-hc43", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-24T12:32:59Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7157-1/", "reference_id": "USN-7157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-1/" }, { "reference_url": "https://usn.ubuntu.com/7157-3/", "reference_id": "USN-7157-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935103?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u7%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-11233" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9byf-ymwr-eug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42459?format=api", "vulnerability_id": "VCID-9p3x-8hp1-2bge", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40443", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40625", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40653", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40622", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40662", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40634", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40644", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368", "reference_id": "1031368", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170770", "reference_id": "2170770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170770" }, { "reference_url": "https://bugs.php.net/bug.php?id=81746", "reference_id": "bug.php?id=81746", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/" } ], "url": "https://bugs.php.net/bug.php?id=81746" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230517-0001/", "reference_id": "ntap-20230517-0001", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5926", "reference_id": "RHSA-2023:5926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5927", "reference_id": "RHSA-2023:5927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0387", "reference_id": "RHSA-2024:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://usn.ubuntu.com/5902-1/", "reference_id": "USN-5902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5902-1/" }, { "reference_url": "https://usn.ubuntu.com/5905-1/", "reference_id": "USN-5905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5905-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935100?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u3?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-0568" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9p3x-8hp1-2bge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78305?format=api", "vulnerability_id": "VCID-a21g-6nbb-fbb1", "summary": "php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46071", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46149", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4609", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46089", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46036", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": 
"0.46092", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46094", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219290", "reference_id": "2219290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219290" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw", "reference_id": "GHSA-76gg-c692-v2mw", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T19:41:48Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5926", "reference_id": "RHSA-2023:5926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5926" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2023:5927", "reference_id": "RHSA-2023:5927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0387", "reference_id": "RHSA-2024:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://usn.ubuntu.com/6199-1/", "reference_id": "USN-6199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6199-1/" }, { "reference_url": "https://usn.ubuntu.com/6199-2/", "reference_id": "USN-6199-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6199-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935102?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u4%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-3247" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a21g-6nbb-fbb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42008?format=api", "vulnerability_id": "VCID-araj-st9q-3keq", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result 
in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7069.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.9226", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92267", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92287", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92291", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92296", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92308", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08351", "scoring_system": "epss", "scoring_elements": "0.92312", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7069" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885735", "reference_id": "1885735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885735" }, { "reference_url": "https://security.gentoo.org/glsa/202012-16", "reference_id": "GLSA-202012-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2992", "reference_id": "RHSA-2021:2992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2992" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2021:4213", "reference_id": "RHSA-2021:4213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4213" }, { "reference_url": "https://usn.ubuntu.com/4583-1/", "reference_id": "USN-4583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4583-1/" }, { "reference_url": "https://usn.ubuntu.com/4583-2/", "reference_id": "USN-4583-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4583-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935092?format=api", "purl": "pkg:deb/debian/php7.4@7.4.11-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.11-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7069" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-araj-st9q-3keq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50871?format=api", "vulnerability_id": "VCID-b3v5-hed2-wqeb", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31628.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0252", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13341", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13431", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13477", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13514", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13491", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1341", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133688", "reference_id": "2133688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133688" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/", "reference_id": "2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/" }, { "reference_url": "https://bugs.php.net/bug.php?id=81726", "reference_id": "bug.php?id=81726", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://bugs.php.net/bug.php?id=81726" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5277", "reference_id": "dsa-5277", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5277" }, { "reference_url": "https://security.gentoo.org/glsa/202211-03", "reference_id": "GLSA-202211-03", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://security.gentoo.org/glsa/202211-03" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html", "reference_id": "msg00030.html", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221209-0001/", "reference_id": "ntap-20221209-0001", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221209-0001/" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2023:0848", "reference_id": "RHSA-2023:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0965", "reference_id": "RHSA-2023:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2417", "reference_id": "RHSA-2023:2417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2903", "reference_id": "RHSA-2023:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2903" }, { "reference_url": "https://usn.ubuntu.com/5717-1/", "reference_id": "USN-5717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5717-1/" }, { "reference_url": "https://usn.ubuntu.com/5905-1/", "reference_id": "USN-5905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5905-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/", "reference_id": "VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/", "reference_id": "XNIEABBH5XCXLFWWZYIDE457SPEDZTXV", "reference_type": "", "scores": [ { "value": "2.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T20:24:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935099?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31628" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3v5-hed2-wqeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70597?format=api", "vulnerability_id": "VCID-bf18-3zx5-f7gr", "summary": "php: Header parser of http stream wrapper does not handle folded headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": 
"epss", "scoring_elements": "0.2253", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27097", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27053", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26996", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27005", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26979", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42347", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43814", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355917", "reference_id": "2355917", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355917" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g", "reference_id": "GHSA-v8xr-gpvj-cx9g", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:23:16Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935104?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u8?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u8%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1217" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf18-3zx5-f7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48770?format=api", "vulnerability_id": "VCID-buvz-8rkh-8kak", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4427", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44453", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44444", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44373", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49349", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49374", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5021", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5014", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50163", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50217", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50213", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055879", "reference_id": "2055879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055879" }, { "reference_url": "https://security.archlinux.org/AVG-2695", "reference_id": "AVG-2695", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2695" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7624", "reference_id": "RHSA-2022:7624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7628", "reference_id": "RHSA-2022:7628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8197", "reference_id": "RHSA-2022:8197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3016", "reference_id": "RHSA-2025:3016", "reference_type": 
"", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3076", "reference_id": "RHSA-2025:3076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3076" }, { "reference_url": "https://usn.ubuntu.com/5303-1/", "reference_id": "USN-5303-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5303-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935097?format=api", "purl": "pkg:deb/debian/php7.4@7.4.28-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.28-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21708" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-buvz-8rkh-8kak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48771?format=api", "vulnerability_id": "VCID-c524-3my9-n7d3", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31625.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31625.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2022-31625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.735", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73493", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73408", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73403", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.7344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73453", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73476", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73457", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00766", "scoring_system": "epss", "scoring_elements": "0.73491", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098521", "reference_id": "2098521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098521" }, { "reference_url": "https://security.archlinux.org/AVG-2768", "reference_id": "AVG-2768", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2768" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5491", "reference_id": "RHSA-2022:5491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6158", "reference_id": "RHSA-2022:6158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7624", "reference_id": "RHSA-2022:7624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8197", "reference_id": "RHSA-2022:8197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8197" }, { "reference_url": "https://usn.ubuntu.com/5479-1/", "reference_id": "USN-5479-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/5479-1/" }, { "reference_url": "https://usn.ubuntu.com/5479-2/", "reference_id": "USN-5479-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5479-2/" }, { "reference_url": "https://usn.ubuntu.com/5479-3/", "reference_id": "USN-5479-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5479-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935098?format=api", "purl": "pkg:deb/debian/php7.4@7.4.30-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.30-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31625" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c524-3my9-n7d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42465?format=api", "vulnerability_id": "VCID-dmvz-493v-mfdr", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3096.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01069", 
"scoring_system": "epss", "scoring_elements": "0.77785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.7768", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77713", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77739", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77724", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77723", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.7776", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77753", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.7767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01069", "scoring_system": "epss", "scoring_elements": "0.77697", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3096" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275061", "reference_id": "2275061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275061" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr", "reference_id": "GHSA-h746-cjrr-wfmr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": 
"GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0010/", "reference_id": "ntap-20240510-0010", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10949", "reference_id": "RHSA-2024:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10950", "reference_id": "RHSA-2024:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10951", "reference_id": "RHSA-2024:10951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://usn.ubuntu.com/6757-1/", "reference_id": "USN-6757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6757-1/" }, { "reference_url": "https://usn.ubuntu.com/6757-2/", "reference_id": "USN-6757-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6757-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-3096" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmvz-493v-mfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42463?format=api", "vulnerability_id": "VCID-dqb9-fgsz-rycp", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2756", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91955", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": 
"0.91923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91942", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91945", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91944", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91941", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.9196", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91957", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07745", "scoring_system": "epss", "scoring_elements": "0.91909", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275058", "reference_id": "2275058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275058" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4", "reference_id": "GHSA-wpj3-hf5j-x4v4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0008/", "reference_id": "ntap-20240510-0008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10949", "reference_id": "RHSA-2024:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10950", "reference_id": "RHSA-2024:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10951", "reference_id": "RHSA-2024:10951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://usn.ubuntu.com/6757-1/", "reference_id": "USN-6757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6757-1/" }, { "reference_url": "https://usn.ubuntu.com/6757-2/", "reference_id": "USN-6757-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6757-2/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-2756" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqb9-fgsz-rycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42467?format=api", "vulnerability_id": "VCID-e16f-4ynx-fqb9", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87695", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87707", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87709", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.8773", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87736", "published_at": "2026-04-09T12:55:00Z" }, { "value": 
"0.03579", "scoring_system": "epss", "scoring_elements": "0.87747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87741", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87753", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03579", "scoring_system": "epss", "scoring_elements": "0.87752", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072885", "reference_id": "1072885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072885" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291252", "reference_id": "2291252", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291252" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w", "reference_id": "GHSA-w8qr-v226-r27w", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html", "reference_id": "msg00009.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240726-0001/", "reference_id": "ntap-20240726-0001", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240726-0001/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "reference_id": "PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B", "reference_type": "", "scores": [ { "value": "5.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10949", "reference_id": "RHSA-2024:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10950", "reference_id": "RHSA-2024:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10951", "reference_id": "RHSA-2024:10951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://usn.ubuntu.com/6841-1/", "reference_id": "USN-6841-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6841-1/" }, { "reference_url": "https://usn.ubuntu.com/6841-2/", "reference_id": "USN-6841-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6841-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "reference_id": "W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935101?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u6%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-5458" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e16f-4ynx-fqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79090?format=api", "vulnerability_id": "VCID-es75-j9rx-zbe5", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93018", "published_at": "2026-04-01T12:55:00Z" }, { "value": 
"0.09983", "scoring_system": "epss", "scoring_elements": "0.93027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93048", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93046", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93047", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93058", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93061", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93067", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09983", "scoring_system": "epss", "scoring_elements": "0.93074", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827653", "reference_id": "1827653", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935091?format=api", "purl": "pkg:deb/debian/php7.4@7.4.5-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.5-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es75-j9rx-zbe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30515?format=api", "vulnerability_id": "VCID-ewbq-2gm8-tyf5", "summary": "Buffer overflow in sponge queue functions\n### Impact\n\nThe Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more.\n\n### Patches\n\nYes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a).\n\n### Workarounds\n\nThe problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. 
Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether.\n\n### References\n\nSee [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.79931", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.79894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.79915", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.79935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.79943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.7996", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.7994", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.79903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.014", "scoring_system": "epss", "scoring_elements": "0.80449", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.014", "scoring_system": "epss", "scoring_elements": "0.80475", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.014", "scoring_system": "epss", "scoring_elements": 
"0.80444", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.014", "scoring_system": "epss", "scoring_elements": "0.80446", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37454" }, { "reference_url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454" }, { "reference_url": "https://eprint.iacr.org/2023/331", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://eprint.iacr.org/2023/331" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312" }, { "reference_url": "https://github.com/johanns/sha3/issues/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/johanns/sha3/issues/17" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml" }, { "reference_url": "https://github.com/tiran/pysha3/issues/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tiran/pysha3/issues/29" }, { "reference_url": "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a" }, { "reference_url": "https://github.com/XKCP/XKCP/issues/105", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/XKCP/XKCP/issues/105" }, { "reference_url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { 
"value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/" }, { "reference_url": "https://mouha.be/sha-3-buffer-overflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mouha.be/sha-3-buffer-overflow" }, { "reference_url": "https://mouha.be/sha-3-buffer-overflow/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://mouha.be/sha-3-buffer-overflow/" }, { "reference_url": "https://news.ycombinator.com/item?id=33281106", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://news.ycombinator.com/item?id=33281106" }, { "reference_url": "https://news.ycombinator.com/item?id=35050307", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://news.ycombinator.com/item?id=35050307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37454" }, { "reference_url": "https://security.gentoo.org/glsa/202305-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5267", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5267" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5269", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5269" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030", "reference_id": "1023030", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140200", "reference_id": "2140200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140200" }, { "reference_url": "https://github.com/advisories/GHSA-6w4m-2xhg-2658", "reference_id": "GHSA-6w4m-2xhg-2658", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6w4m-2xhg-2658" }, { "reference_url": "https://security.gentoo.org/glsa/202211-03", "reference_id": "GLSA-202211-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202211-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0848", "reference_id": "RHSA-2023:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0848" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2023:0965", "reference_id": "RHSA-2023:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2417", "reference_id": "RHSA-2023:2417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2903", "reference_id": "RHSA-2023:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2903" }, { "reference_url": "https://usn.ubuntu.com/5717-1/", "reference_id": "USN-5717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5717-1/" }, { "reference_url": "https://usn.ubuntu.com/5767-1/", "reference_id": "USN-5767-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5767-1/" }, { "reference_url": "https://usn.ubuntu.com/5767-3/", "reference_id": "USN-5767-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5767-3/" }, { "reference_url": "https://usn.ubuntu.com/5888-1/", "reference_id": "USN-5888-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5888-1/" }, { "reference_url": "https://usn.ubuntu.com/5930-1/", "reference_id": "USN-5930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5930-1/" }, { "reference_url": "https://usn.ubuntu.com/5931-1/", "reference_id": "USN-5931-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5931-1/" }, { "reference_url": "https://usn.ubuntu.com/6524-1/", "reference_id": "USN-6524-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6524-1/" }, { "reference_url": "https://usn.ubuntu.com/6525-1/", "reference_id": "USN-6525-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6525-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935099?format=api", "purl": 
"pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-37454", "GHSA-6w4m-2xhg-2658" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewbq-2gm8-tyf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42019?format=api", "vulnerability_id": "VCID-f3vu-gjgg-zbgr", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21702.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50548", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50612", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50684", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50664", 
"published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.506", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50628", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50581", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50636", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50632", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50674", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50652", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50678", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21702" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925272", "reference_id": "1925272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925272" }, { "reference_url": "https://security.archlinux.org/ASA-202102-15", "reference_id": "ASA-202102-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-15" }, { "reference_url": "https://security.archlinux.org/AVG-1531", "reference_id": "AVG-1531", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1531" }, { "reference_url": "https://security.gentoo.org/glsa/202105-23", "reference_id": "GLSA-202105-23", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2992", "reference_id": "RHSA-2021:2992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4213", "reference_id": "RHSA-2021:4213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4213" }, { "reference_url": "https://usn.ubuntu.com/5006-1/", "reference_id": "USN-5006-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-1/" }, { "reference_url": "https://usn.ubuntu.com/5006-2/", 
"reference_id": "USN-5006-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935094?format=api", "purl": "pkg:deb/debian/php7.4@7.4.15-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.15-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21702" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f3vu-gjgg-zbgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79236?format=api", "vulnerability_id": "VCID-fhh6-shuh-v3am", "summary": "php: potential buffer overflow in php_cli_server_startup_workers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20282", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20063", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20202", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20182", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20121", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20003", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4900" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880", "reference_id": "2179880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2023:0848", "reference_id": "RHSA-2023:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0848" }, { "reference_url": "https://usn.ubuntu.com/6757-1/", "reference_id": "USN-6757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6757-1/" }, { "reference_url": "https://usn.ubuntu.com/6757-2/", "reference_id": "USN-6757-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6757-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935101?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u6%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-4900" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhh6-shuh-v3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68662?format=api", "vulnerability_id": "VCID-fyhr-st6h-eker", "summary": "php: PHP Hostname Null Character Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2025-1220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15356", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15785", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1594", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15809", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379792", "reference_id": "2379792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379792" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r", "reference_id": "GHSA-3cr5-j632-f35r", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:46Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23309", "reference_id": "RHSA-2025:23309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7648-1/", "reference_id": "USN-7648-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-1/" }, { "reference_url": "https://usn.ubuntu.com/7648-2/", "reference_id": "USN-7648-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", 
"purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935105?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u9?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u9%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1220" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyhr-st6h-eker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42462?format=api", "vulnerability_id": "VCID-g2sk-sa2j-dkcv", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96856", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96842", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96853", "published_at": "2026-04-18T12:55:00Z" }, 
{ "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96855", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96837", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.9684", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.32366", "scoring_system": "epss", "scoring_elements": "0.96841", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34999", "scoring_system": "epss", "scoring_elements": "0.97005", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.34999", "scoring_system": "epss", "scoring_elements": "0.97009", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34999", "scoring_system": "epss", "scoring_elements": "0.9701", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477", "reference_id": "1043477", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230101", "reference_id": "2230101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230101" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5926", "reference_id": "RHSA-2023:5926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5927", "reference_id": "RHSA-2023:5927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0387", "reference_id": "RHSA-2024:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://usn.ubuntu.com/6305-1/", "reference_id": "USN-6305-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6305-1/" }, { "reference_url": "https://usn.ubuntu.com/6305-2/", "reference_id": "USN-6305-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6305-2/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-3824" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2sk-sa2j-dkcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42461?format=api", "vulnerability_id": "VCID-gu2y-9qzw-8ke4", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3823.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56953", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56975", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57012", "published_at": "2026-04-11T12:55:00Z" }, { "value": 
"0.00343", "scoring_system": "epss", "scoring_elements": "0.56991", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56997", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56994", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5697", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5691", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477", "reference_id": "1043477", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229396", "reference_id": "2229396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229396" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5926", "reference_id": "RHSA-2023:5926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5927", "reference_id": "RHSA-2023:5927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0387", "reference_id": "RHSA-2024:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://usn.ubuntu.com/6305-1/", "reference_id": "USN-6305-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6305-1/" }, { "reference_url": "https://usn.ubuntu.com/6305-2/", "reference_id": "USN-6305-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6305-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-3823" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gu2y-9qzw-8ke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43019?format=api", "vulnerability_id": "VCID-h5jx-kf86-5yej", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7066.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81258", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81383", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81321", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81358", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81361", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.8136", 
"published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81267", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.8129", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81317", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01533", "scoring_system": "epss", "scoring_elements": "0.81329", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7066" }, { "reference_url": "https://bugs.php.net/bug.php?id=79329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=79329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200403-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200403-0001/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4717" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4719" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1820604", "reference_id": "1820604", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820604" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:5.19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tenable:tenable.sc:5.19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:5.19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": 
[], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7066", "reference_id": "CVE-2020-7066", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7066" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4330-1/", "reference_id": "USN-4330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-1/" }, { "reference_url": "https://usn.ubuntu.com/4330-2/", "reference_id": "USN-4330-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935091?format=api", "purl": "pkg:deb/debian/php7.4@7.4.5-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.5-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7066" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5jx-kf86-5yej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42458?format=api", "vulnerability_id": "VCID-h7pk-y5gm-kyg7", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", 
"scoring_system": "epss", "scoring_elements": "0.1787", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17603", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17746", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17645", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17654", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17923", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368", "reference_id": "1031368", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170771", "reference_id": "2170771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170771" }, { "reference_url": "https://bugs.php.net/bug.php?id=81744", "reference_id": "bug.php?id=81744", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T15:34:47Z/" } ], "url": "https://bugs.php.net/bug.php?id=81744" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4", "reference_id": "GHSA-7fj2-8x79-rjf4", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { 
"value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T15:34:47Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5926", "reference_id": "RHSA-2023:5926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5927", "reference_id": "RHSA-2023:5927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0387", "reference_id": "RHSA-2024:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://usn.ubuntu.com/5902-1/", "reference_id": "USN-5902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5902-1/" }, { "reference_url": "https://usn.ubuntu.com/6053-1/", "reference_id": "USN-6053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935100?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u3?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u3%3Fdistro=bullseye" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-0567" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7pk-y5gm-kyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43012?format=api", "vulnerability_id": "VCID-hak4-3ww9-aydn", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84888", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84903", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84921", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84925", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84948", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84955", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84971", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.8497", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84965", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84988", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84985", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.85011", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797776", "reference_id": "1797776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797776" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4279-1/", "reference_id": "USN-4279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4279-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935088?format=api", "purl": "pkg:deb/debian/php7.4@7.4.2-7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.2-7%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": 
"pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7059" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hak4-3ww9-aydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43013?format=api", "vulnerability_id": "VCID-hv57-6hth-6qfj", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.90985", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.9099", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.90999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.9101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": 
"0.91036", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.9106", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91058", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91061", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91074", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797779", "reference_id": "1797779", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797779" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4279-1/", "reference_id": "USN-4279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4279-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935088?format=api", "purl": "pkg:deb/debian/php7.4@7.4.2-7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.2-7%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7060" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv57-6hth-6qfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48765?format=api", "vulnerability_id": "VCID-k9ne-3nu5-xqdv", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21703.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21703.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21703", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32825", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32847", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32811", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32956", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32991", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32814", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32861", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": 
"0.32891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32853", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3287", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016535", "reference_id": "2016535", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016535" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003", "reference_id": "997003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003" }, { "reference_url": "https://security.archlinux.org/AVG-2486", "reference_id": "AVG-2486", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2486" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1935", "reference_id": 
"RHSA-2022:1935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5491", "reference_id": "RHSA-2022:5491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5491" }, { "reference_url": "https://usn.ubuntu.com/5125-1/", "reference_id": "USN-5125-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5125-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935095?format=api", "purl": "pkg:deb/debian/php7.4@7.4.25-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.25-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21703" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9ne-3nu5-xqdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43018?format=api", "vulnerability_id": "VCID-ky48-2f2t-c7bb", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7065.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7065.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.8973", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89741", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.8969", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89705", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89738", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05019", "scoring_system": "epss", "scoring_elements": "0.89737", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7065" }, { "reference_url": "https://bugs.php.net/bug.php?id=79371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=79371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200403-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200403-0001/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4719" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.php.net/ChangeLog-7.php#7.4.4", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://www.php.net/ChangeLog-7.php#7.4.4" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820627", "reference_id": "1820627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820627" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": 
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7065", "reference_id": "CVE-2020-7065", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7065" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4330-1/", "reference_id": "USN-4330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-1/" }, { "reference_url": "https://usn.ubuntu.com/4330-2/", "reference_id": "USN-4330-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935091?format=api", "purl": "pkg:deb/debian/php7.4@7.4.5-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.5-1%3Fdistro=bullseye" 
}, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7065" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky48-2f2t-c7bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42457?format=api", "vulnerability_id": "VCID-mtw1-k8na-2udv", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71555", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.7163", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71635", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71616", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71573", "published_at": "2026-04-04T12:55:00Z" }, { 
"value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71546", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71585", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71596", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71619", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.71604", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158791", "reference_id": "2158791", "reference_type": "", 
"scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158791" }, { "reference_url": "https://bugs.php.net/bug.php?id=81740", "reference_id": "bug.php?id=81740", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-13T16:06:19Z/" } ], "url": "https://bugs.php.net/bug.php?id=81740" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0848", "reference_id": "RHSA-2023:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0965", "reference_id": "RHSA-2023:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2417", "reference_id": "RHSA-2023:2417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2903", "reference_id": "RHSA-2023:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2903" }, { "reference_url": "https://usn.ubuntu.com/5818-1/", "reference_id": "USN-5818-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5818-1/" }, { "reference_url": "https://usn.ubuntu.com/5905-1/", "reference_id": "USN-5905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5905-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935100?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u3?distro=bullseye", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31631" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtw1-k8na-2udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70593?format=api", "vulnerability_id": "VCID-nrnn-pgxj-xugg", "summary": "php: Stream HTTP wrapper truncates redirect location to 1024 bytes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76158", "published_at": 
"2026-04-12T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76197", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.762", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76111", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0098", "scoring_system": "epss", "scoring_elements": "0.76802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0103", "scoring_system": "epss", "scoring_elements": "0.77393", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356046", "reference_id": "2356046", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356046" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff", "reference_id": "GHSA-52jp-hrpf-2jff", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:55:53Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935104?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u8?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u8%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1861" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrnn-pgxj-xugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43017?format=api", "vulnerability_id": "VCID-p9rr-rq6w-3bhg", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84755", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0233", 
"scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.8483", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.8485", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.8477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84789", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84814", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.8482", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0233", "scoring_system": "epss", "scoring_elements": "0.84838", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7064" }, { "reference_url": "https://bugs.php.net/bug.php?id=79282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=79282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200403-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200403-0001/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4717" }, 
{ "reference_url": "https://www.debian.org/security/2020/dsa-4719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4719" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820601", "reference_id": "1820601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820601" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7064", "reference_id": "CVE-2020-7064", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "5.4", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7064" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4330-1/", "reference_id": "USN-4330-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-1/" }, { "reference_url": "https://usn.ubuntu.com/4330-2/", "reference_id": "USN-4330-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4330-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935091?format=api", "purl": "pkg:deb/debian/php7.4@7.4.5-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.5-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7064" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9rr-rq6w-3bhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42464?format=api", "vulnerability_id": "VCID-qymx-je6t-23a6", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.7026", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70205", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.7019", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70178", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.7022", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70229", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70208", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70126", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70141", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70118", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70166", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/12/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T11:27:03Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275068", "reference_id": "2275068", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275068" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq", "reference_id": "GHSA-fjp9-9hwx-59fq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T11:27:03Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0011/", "reference_id": "ntap-20240510-0011", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T11:27:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-2757" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qymx-je6t-23a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70594?format=api", "vulnerability_id": "VCID-qyx5-b321-2udm", "summary": "php: Stream HTTP wrapper header check might omit basic auth header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1736", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65377", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.66802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.67868", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70738", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70718", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70701", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70686", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.70731", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356041", "reference_id": "2356041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356041" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528", "reference_id": "GHSA-hgf5-96fm-v528", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:57:12Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935104?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u8?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u8%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1736" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyx5-b321-2udm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65492?format=api", "vulnerability_id": "VCID-rh5h-at8n-bfdj", "summary": "php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18387", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18455", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18464", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18486", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18761", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18477", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18557", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18613", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18566", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18514", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14177" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], 
"url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574", "reference_id": "1123574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425626", "reference_id": "2425626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425626" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7", "reference_id": "GHSA-3237-qqm7-mfv7", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:01:25Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1429", "reference_id": "RHSA-2026:1429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1628", "reference_id": "RHSA-2026:1628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2799", "reference_id": "RHSA-2026:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7614", "reference_id": "RHSA-2026:7614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7614" }, { "reference_url": "https://usn.ubuntu.com/7953-1/", "reference_id": "USN-7953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-14177" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh5h-at8n-bfdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70596?format=api", "vulnerability_id": "VCID-t862-kese-z7ae", "summary": "php: libxml streams use wrong content-type header when requesting a redirected resource", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20657", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20677", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2057", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20522", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25048", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25793", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356043", "reference_id": "2356043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356043" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc", "reference_id": "GHSA-p3x9-6h7p-cgfc", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:10:21Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935104?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u8?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u8%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1219" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t862-kese-z7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79922?format=api", "vulnerability_id": "VCID-tarw-3xd3-x3eh", "summary": "php: Special character breaks path in xml parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68306", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68449", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68424", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68401", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68326", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68346", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68373", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6839", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68417", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68405", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68372", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6841", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026045", "reference_id": "2026045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026045" }, { "reference_url": "https://security.archlinux.org/AVG-2566", "reference_id": "AVG-2566", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5491", "reference_id": "RHSA-2022:5491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7628", "reference_id": "RHSA-2022:7628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7628" }, { "reference_url": "https://usn.ubuntu.com/5300-1/", "reference_id": "USN-5300-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5300-1/" }, { "reference_url": "https://usn.ubuntu.com/5300-2/", "reference_id": "USN-5300-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5300-2/" }, { "reference_url": "https://usn.ubuntu.com/5300-3/", "reference_id": "USN-5300-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5300-3/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/935097?format=api", "purl": "pkg:deb/debian/php7.4@7.4.28-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.28-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21707" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tarw-3xd3-x3eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/239979?format=api", "vulnerability_id": "VCID-tawz-4cft-97bd", "summary": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67246", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67125", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": 
"0.67213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67245", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67232", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67198", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67233", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67225", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21706" }, { "reference_url": "https://security.archlinux.org/AVG-2420", "reference_id": "AVG-2420", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2420" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-21706" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tawz-4cft-97bd" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/72688?format=api", "vulnerability_id": "VCID-ugx8-uqup-n3b4", "summary": "php: OOB access in ldap_escape", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.5117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51137", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51118", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51173", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51214", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51192", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5928", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59261", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59241", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59237", "published_at": "2026-04-13T12:55:00Z" }, { "value": 
"0.00377", "scoring_system": "epss", "scoring_elements": "0.59274", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688", "reference_id": "1088688", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327961", "reference_id": "2327961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327961" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff", "reference_id": "GHSA-g665-fm4p-vhff", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-22T17:41:35Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff" }, { "reference_url": "https://usn.ubuntu.com/7157-1/", "reference_id": "USN-7157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-1/" }, { "reference_url": "https://usn.ubuntu.com/7157-2/", "reference_id": "USN-7157-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-2/" }, { "reference_url": 
"https://usn.ubuntu.com/7157-3/", "reference_id": "USN-7157-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7157-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935103?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u7?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u7%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-8932" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugx8-uqup-n3b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79089?format=api", "vulnerability_id": "VCID-uq31-93sm-r3b2", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93976", 
"published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93978", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.9399", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.93994", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.9401", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.94015", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.94016", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.12716", "scoring_system": "epss", "scoring_elements": "0.94018", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837842", "reference_id": "1837842", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3662", "reference_id": "RHSA-2020:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5275", "reference_id": "RHSA-2020:5275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5275" }, { "reference_url": "https://usn.ubuntu.com/4375-1/", "reference_id": "USN-4375-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4375-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935087?format=api", "purl": "pkg:deb/debian/php7.4@7.4.9-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.9-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2019-11048" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uq31-93sm-r3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70595?format=api", "vulnerability_id": "VCID-uqrh-9nue-rqgx", "summary": "php: Streams HTTP wrapper does not fail for headers with invalid name and no colon", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59605", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59585", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59625", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59571", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.5954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59591", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72513", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00757", "scoring_system": "epss", "scoring_elements": "0.73362", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356042", "reference_id": "2356042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356042" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44", "reference_id": "GHSA-pcmh-g36c-qc44", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T14:21:51Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15687", "reference_id": "RHSA-2025:15687", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:15687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4263", "reference_id": "RHSA-2025:4263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7418", "reference_id": "RHSA-2025:7418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7431", "reference_id": "RHSA-2025:7431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7432", "reference_id": "RHSA-2025:7432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7489", "reference_id": "RHSA-2025:7489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7400-1/", "reference_id": "USN-7400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7400-1/" }, { "reference_url": "https://usn.ubuntu.com/7645-1/", "reference_id": "USN-7645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/935104?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u8?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u8%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1734" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqrh-9nue-rqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68809?format=api", "vulnerability_id": "VCID-uush-g6k9-9ffm", "summary": "php: pgsql extension does not check for errors during escaping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33221", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33187", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35234", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35532", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35522", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", 
"scoring_elements": "0.35471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35514", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35493", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378689", "reference_id": "2378689", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378689" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3", "reference_id": "GHSA-hrwm-9436-5mv3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:08Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2025:23309", "reference_id": "RHSA-2025:23309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1409", "reference_id": "RHSA-2026:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1412", "reference_id": "RHSA-2026:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2470", "reference_id": "RHSA-2026:2470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2470" }, { "reference_url": "https://usn.ubuntu.com/7648-1/", "reference_id": "USN-7648-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-1/" }, { "reference_url": "https://usn.ubuntu.com/7648-2/", "reference_id": "USN-7648-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-2/" }, { "reference_url": "https://usn.ubuntu.com/7648-3/", "reference_id": "USN-7648-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7648-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935105?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u9?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u9%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-1735" ], 
"risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uush-g6k9-9ffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35778?format=api", "vulnerability_id": "VCID-v42g-pabn-yqe7", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85085", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.8504", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85061", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85064", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.84978", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.84995", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85029", "published_at": "2026-04-09T12:55:00Z" }, { 
"value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02395", "scoring_system": "epss", "scoring_elements": "0.85044", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8925" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317049", "reference_id": "2317049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317049" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32", "reference_id": "GHSA-9pqp-7h25-4f32", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:56:50Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32" }, { "reference_url": "https://security.gentoo.org/glsa/202501-11", "reference_id": "GLSA-202501-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10949", "reference_id": "RHSA-2024:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10949" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2024:10950", "reference_id": "RHSA-2024:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10951", "reference_id": "RHSA-2024:10951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10952", "reference_id": "RHSA-2024:10952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7315", "reference_id": "RHSA-2025:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7315" }, { "reference_url": "https://usn.ubuntu.com/7049-1/", "reference_id": "USN-7049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-1/" }, { "reference_url": "https://usn.ubuntu.com/7049-2/", "reference_id": "USN-7049-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-2/" }, { "reference_url": "https://usn.ubuntu.com/7049-3/", "reference_id": "USN-7049-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7049-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935101?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u6%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-8925" ], "risk_score": 
2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v42g-pabn-yqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73710?format=api", "vulnerability_id": "VCID-vfx1-jn3w-1fb9", "summary": "php: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8926.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8926.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85942", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85925", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.8593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85921", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85851", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85872", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.859", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", 
"scoring_elements": "0.85915", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85907", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8926" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317050", "reference_id": "2317050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317050" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq", "reference_id": "GHSA-p99j-rfp4-xqvq", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T12:55:27Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-8926" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfx1-jn3w-1fb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42460?format=api", "vulnerability_id": "VCID-vz8y-te3y-gqhp", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44424", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44297", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44422", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44479", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44469", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44399", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44446", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4438", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44431", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44438", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44455", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368", "reference_id": "1031368", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170761", "reference_id": "2170761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170761" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv", "reference_id": "GHSA-54hq-v5wp-fqgv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", "reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230517-0001/", "reference_id": "ntap-20230517-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5926", "reference_id": "RHSA-2023:5926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5927", "reference_id": "RHSA-2023:5927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0387", "reference_id": "RHSA-2024:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0387" }, { "reference_url": 
"https://usn.ubuntu.com/5902-1/", "reference_id": "USN-5902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5902-1/" }, { "reference_url": "https://usn.ubuntu.com/5905-1/", "reference_id": "USN-5905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5905-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935100?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u3?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-0662" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz8y-te3y-gqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61678?format=api", "vulnerability_id": "VCID-w3f2-4edy-zyg4", "summary": "A vulnerability in PHP could lead to a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7068.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73982", "published_at": 
"2026-04-01T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74015", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.73986", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.7402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74034", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74037", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.7403", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74069", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00799", "scoring_system": "epss", "scoring_elements": "0.74104", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7069" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868109", "reference_id": "1868109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868109" }, { "reference_url": "https://security.gentoo.org/glsa/202009-10", "reference_id": "GLSA-202009-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202009-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2992", "reference_id": "RHSA-2021:2992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4213", "reference_id": "RHSA-2021:4213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4213" }, { "reference_url": "https://usn.ubuntu.com/5006-1/", "reference_id": "USN-5006-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-1/" }, { "reference_url": "https://usn.ubuntu.com/5006-2/", "reference_id": 
"USN-5006-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5006-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935087?format=api", "purl": "pkg:deb/debian/php7.4@7.4.9-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.9-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7068" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3f2-4edy-zyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42466?format=api", "vulnerability_id": "VCID-x2s3-ku1g-gfgh", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4577.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94374", "scoring_system": "epss", "scoring_elements": "0.99967", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.94374", "scoring_system": "epss", "scoring_elements": "0.99966", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.94393", "scoring_system": "epss", "scoring_elements": 
"0.99972", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4577" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/pull/19247", "reference_id": "19247", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://github.com/rapid7/metasploit-framework/pull/19247" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291281", "reference_id": "2291281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291281" }, { "reference_url": "https://isc.sans.edu/diary/30994", "reference_id": "30994", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://isc.sans.edu/diary/30994" }, { "reference_url": 
"https://www.php.net/ChangeLog-8.php#8.1.29", "reference_id": "ChangeLog-8.php#8.1.29", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://www.php.net/ChangeLog-8.php#8.1.29" }, { "reference_url": "https://www.php.net/ChangeLog-8.php#8.2.20", "reference_id": "ChangeLog-8.php#8.2.20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://www.php.net/ChangeLog-8.php#8.2.20" }, { "reference_url": "https://www.php.net/ChangeLog-8.php#8.3.8", "reference_id": "ChangeLog-8.php#8.3.8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://www.php.net/ChangeLog-8.php#8.3.8" }, { "reference_url": "https://github.com/11whoami99/CVE-2024-4577", "reference_id": "CVE-2024-4577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://github.com/11whoami99/CVE-2024-4577" }, { "reference_url": "https://github.com/watchtowrlabs/CVE-2024-4577", "reference_id": "CVE-2024-4577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { 
"value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://github.com/watchtowrlabs/CVE-2024-4577" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52331.py", "reference_id": "CVE-2024-4577", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52331.py" }, { "reference_url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE", "reference_id": "CVE-2024-4577-PHP-RCE", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE" }, { "reference_url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html", "reference_id": "cve-2024-4577-yet-another-php-rce.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html" }, { "reference_url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv", "reference_id": "GHSA-3qgc-jrrr-25jv", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv" }, { "reference_url": "https://security.gentoo.org/glsa/202408-32", 
"reference_id": "GLSA-202408-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-32" }, { "reference_url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/", "reference_id": "imperva-protects-against-critical-php-vulnerability-cve-2024-4577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/" }, { "reference_url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/", "reference_id": "no-way-php-strikes-again-cve-2024-4577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0008/", "reference_id": "ntap-20240621-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0008/" }, { "reference_url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/", "reference_id": "php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "reference_id": "PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/" }, { "reference_url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/", "reference_id": "security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "reference_id": "W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/" }, { "reference_url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately", "reference_id": "warning-php-remote-code-execution-patch-immediately", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/" } ], "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-4577" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2s3-ku1g-gfgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48772?format=api", "vulnerability_id": "VCID-yfbz-bzvk-xke4", "summary": "Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31626.json", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31626.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93181", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93168", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93176", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.9313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93144", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93146", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93147", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1024", "scoring_system": "epss", "scoring_elements": "0.93164", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098523", "reference_id": "2098523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098523" }, { "reference_url": "https://security.archlinux.org/AVG-2768", "reference_id": "AVG-2768", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2768" }, { "reference_url": "https://security.gentoo.org/glsa/202209-20", "reference_id": "GLSA-202209-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5467", "reference_id": "RHSA-2022:5467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5468", "reference_id": "RHSA-2022:5468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5471", "reference_id": "RHSA-2022:5471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5491", "reference_id": 
"RHSA-2022:5491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5904", "reference_id": "RHSA-2022:5904", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5904" }, { "reference_url": "https://usn.ubuntu.com/5479-1/", "reference_id": "USN-5479-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5479-1/" }, { "reference_url": "https://usn.ubuntu.com/5479-2/", "reference_id": "USN-5479-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5479-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935098?format=api", "purl": "pkg:deb/debian/php7.4@7.4.30-1%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.30-1%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-31626" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfbz-bzvk-xke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43014?format=api", "vulnerability_id": "VCID-zjc4-mxte-f7hz", "summary": "Multiple vulnerabilities have been found in PHP, the worst of which\n could result in the execution of arbitrary shell commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7061.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.85967", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.85978", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.85994", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86013", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86037", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86035", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.8603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86048", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86053", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02767", "scoring_system": "epss", "scoring_elements": "0.86065", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808529", "reference_id": "1808529", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1808529" }, { "reference_url": "https://security.gentoo.org/glsa/202003-57", "reference_id": "GLSA-202003-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935089?format=api", "purl": "pkg:deb/debian/php7.4@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935086?format=api", "purl": "pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-7061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjc4-mxte-f7hz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye" }