Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye

Type deb

Namespace debian

Name php7.4

Version 7.4.33-1+deb11u11

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1abf-tsrt-1faq

vulnerability_id VCID-1abf-tsrt-1faq

summary PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7258.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7258

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05973
published_at	2026-06-05T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05964
published_at	2026-06-06T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08071
published_at	2026-06-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08102
published_at	2026-06-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08052
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468561
reference_id	2468561
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468561

reference_url

https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4

reference_id

GHSA-m8rr-4c36-8gq4

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:05:55Z/

url

https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4

reference_url	https://access.redhat.com/errata/RHSA-2026:14125
reference_id	RHSA-2026:14125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14125

reference_url	https://access.redhat.com/errata/RHSA-2026:22142
reference_id	RHSA-2026:22142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22142

reference_url	https://access.redhat.com/errata/RHSA-2026:22143
reference_id	RHSA-2026:22143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22143

reference_url	https://access.redhat.com/errata/RHSA-2026:22305
reference_id	RHSA-2026:22305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22305

reference_url	https://access.redhat.com/errata/RHSA-2026:22649
reference_id	RHSA-2026:22649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22649

reference_url	https://access.redhat.com/errata/RHSA-2026:23388
reference_id	RHSA-2026:23388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23388

fixed_packages

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

aliases CVE-2026-7258

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1abf-tsrt-1faq

url VCID-65d9-d7dk-ayhc

vulnerability_id VCID-65d9-d7dk-ayhc

summary In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the temporary result map, freeing the original PHP object while its stale pointer remains in the map. A subsequent href reference to the freed node can copy the dangling pointer into the result. As PHP string allocations can reclaim the freed memory region, an attacker with control over the SOAP request body can exploit this use-after-free to achieve remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6722.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6722.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-6722

reference_id

reference_type

scores

value	0.00369
scoring_system	epss
scoring_elements	0.59136
published_at	2026-06-09T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.59146
published_at	2026-06-06T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.59138
published_at	2026-06-07T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.59121
published_at	2026-06-08T12:55:00Z

value	0.00369
scoring_system	epss
scoring_elements	0.59141
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-6722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468560
reference_id	2468560
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468560

reference_url

https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5

reference_id

GHSA-85c2-q967-79q5

reference_type

scores

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T13:08:41Z/

url

https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5

reference_url	https://usn.ubuntu.com/8336-1/
reference_id	USN-8336-1
reference_type
scores
url	https://usn.ubuntu.com/8336-1/

fixed_packages

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

aliases CVE-2026-6722

risk_score 4.3

exploitability 0.5

weighted_severity 8.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65d9-d7dk-ayhc

url VCID-9hu1-wbsv-53dr

vulnerability_id VCID-9hu1-wbsv-53dr

summary php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7262.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7262.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7262

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.30893
published_at	2026-06-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.30938
published_at	2026-06-06T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.30904
published_at	2026-06-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.30873
published_at	2026-06-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.30971
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7262

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468565
reference_id	2468565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468565

reference_url

https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv

reference_id

GHSA-hmxp-6pc4-f3vv

reference_type

scores

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:14:44Z/

url

https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv

reference_url	https://access.redhat.com/errata/RHSA-2026:22142
reference_id	RHSA-2026:22142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22142

reference_url	https://access.redhat.com/errata/RHSA-2026:22143
reference_id	RHSA-2026:22143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22143

reference_url	https://access.redhat.com/errata/RHSA-2026:22305
reference_id	RHSA-2026:22305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22305

reference_url	https://access.redhat.com/errata/RHSA-2026:22649
reference_id	RHSA-2026:22649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22649

reference_url	https://access.redhat.com/errata/RHSA-2026:23388
reference_id	RHSA-2026:23388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23388

reference_url	https://usn.ubuntu.com/8336-1/
reference_id	USN-8336-1
reference_type
scores
url	https://usn.ubuntu.com/8336-1/

fixed_packages

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

aliases CVE-2026-7262

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hu1-wbsv-53dr

url VCID-chds-wg75-bug7

vulnerability_id VCID-chds-wg75-bug7

summary php: signed integer overflow in metaphone()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7568.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7568.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7568

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21341
published_at	2026-06-05T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.2555
published_at	2026-06-06T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25505
published_at	2026-06-07T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25446
published_at	2026-06-08T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25454
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468566
reference_id	2468566
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468566

reference_url

https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57

reference_id

GHSA-96wq-48vp-hh57

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:25:08Z/

url

https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57

reference_url	https://access.redhat.com/errata/RHSA-2026:22142
reference_id	RHSA-2026:22142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22142

reference_url	https://access.redhat.com/errata/RHSA-2026:22143
reference_id	RHSA-2026:22143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22143

reference_url	https://access.redhat.com/errata/RHSA-2026:22305
reference_id	RHSA-2026:22305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22305

reference_url	https://access.redhat.com/errata/RHSA-2026:22649
reference_id	RHSA-2026:22649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22649

reference_url	https://access.redhat.com/errata/RHSA-2026:23388
reference_id	RHSA-2026:23388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23388

reference_url	https://usn.ubuntu.com/8336-1/
reference_id	USN-8336-1
reference_type
scores
url	https://usn.ubuntu.com/8336-1/

fixed_packages

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

aliases CVE-2026-7568

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chds-wg75-bug7

url VCID-dmzu-bds7-jka4

vulnerability_id VCID-dmzu-bds7-jka4

summary In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistance is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which may lead to use-after-free. This may lead to memory corruption, information disclosure, or process crashes, with confidentiality, integrity, and availability impact on the vulnerable system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7261.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7261.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7261

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22402
published_at	2026-06-05T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26525
published_at	2026-06-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26614
published_at	2026-06-06T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26574
published_at	2026-06-07T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26518
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468563
reference_id	2468563
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468563

reference_url

https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q

reference_id

GHSA-m33r-qmcv-p97q

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:14:14Z/

url

https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q

reference_url	https://usn.ubuntu.com/8336-1/
reference_id	USN-8336-1
reference_type
scores
url	https://usn.ubuntu.com/8336-1/

fixed_packages

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

aliases CVE-2026-7261

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmzu-bds7-jka4

url VCID-x2uv-fkuq-q7dv

vulnerability_id VCID-x2uv-fkuq-q7dv

summary PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6735.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6735.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-6735

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18594
published_at	2026-06-05T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.23011
published_at	2026-06-06T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22967
published_at	2026-06-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22914
published_at	2026-06-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22918
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-6735

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468562
reference_id	2468562
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468562

reference_url

https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv

reference_id

GHSA-7qg2-v9fj-4mwv

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:25:43Z/

url

https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv

reference_url	https://access.redhat.com/errata/RHSA-2026:14125
reference_id	RHSA-2026:14125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14125

reference_url	https://access.redhat.com/errata/RHSA-2026:22142
reference_id	RHSA-2026:22142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22142

reference_url	https://access.redhat.com/errata/RHSA-2026:22143
reference_id	RHSA-2026:22143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22143

reference_url	https://access.redhat.com/errata/RHSA-2026:22305
reference_id	RHSA-2026:22305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22305

reference_url	https://access.redhat.com/errata/RHSA-2026:22649
reference_id	RHSA-2026:22649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22649

reference_url	https://access.redhat.com/errata/RHSA-2026:23388
reference_id	RHSA-2026:23388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23388

reference_url	https://usn.ubuntu.com/8336-1/
reference_id	USN-8336-1
reference_type
scores
url	https://usn.ubuntu.com/8336-1/

fixed_packages

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u11?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

aliases CVE-2026-6735

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2uv-fkuq-q7dv

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u11%3Fdistro=bullseye

Package Instance