{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","type":"deb","namespace":"debian","name":"php8.2","version":"8.2.29-1~deb12u1","qualifiers":{"distro":"bookworm"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"8.2.30-1~deb12u1","latest_non_vulnerable_version":"8.2.31-1~deb12u1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356794?format=json","vulnerability_id":"VCID-1c54-yzn6-qbef","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7262","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23864","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23832","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28578","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.286","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7262"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv","reference_id":"GHSA-hmxp-6pc4-f3vv","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:14:44Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-7262"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1c54-yzn6-qbef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72687?format=json","vulnerability_id":"VCID-1re1-15w4-cqeq","summary":"php: Leak partial content of the heap through heap buffer over-read in mysqlnd","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8929.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8929.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8929","reference_id":"","reference_type":"","scores":[{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71377","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71285","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.7132","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71283","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71311","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71367","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71163","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71176","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71199","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71185","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71169","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71221","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.7126","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71263","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71248","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71566","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71584","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688","reference_id":"1088688","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327960","reference_id":"2327960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327960"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678","reference_id":"GHSA-h35g-vwh6-m678","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-22T17:37:12Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7157-1/","reference_id":"USN-7157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-1/"},{"reference_url":"https://usn.ubuntu.com/7157-3/","reference_id":"USN-7157-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935113?format=json","purl":"pkg:deb/debian/php8.2@8.2.26-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.26-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-8929"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1re1-15w4-cqeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65493?format=json","vulnerability_id":"VCID-26ab-3bt8-jkf3","summary":"php: heap-based buffer overflow in array_merge()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14178","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05698","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05863","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05927","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05938","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05929","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05895","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05905","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06057","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0611","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05889","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07362","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07368","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07347","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07119","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07287","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08811","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574","reference_id":"1123574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425625","reference_id":"2425625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425625"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2","reference_id":"GHSA-h96m-rvf9-jgm2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:00:50Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1169","reference_id":"RHSA-2026:1169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1185","reference_id":"RHSA-2026:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1187","reference_id":"RHSA-2026:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1190","reference_id":"RHSA-2026:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1409","reference_id":"RHSA-2026:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1412","reference_id":"RHSA-2026:1412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1429","reference_id":"RHSA-2026:1429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1628","reference_id":"RHSA-2026:1628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2799","reference_id":"RHSA-2026:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4077","reference_id":"RHSA-2026:4077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4086","reference_id":"RHSA-2026:4086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4212","reference_id":"RHSA-2026:4212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4266","reference_id":"RHSA-2026:4266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4507","reference_id":"RHSA-2026:4507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4514","reference_id":"RHSA-2026:4514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4517","reference_id":"RHSA-2026:4517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7614","reference_id":"RHSA-2026:7614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7614"},{"reference_url":"https://usn.ubuntu.com/7953-1/","reference_id":"USN-7953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935118?format=json","purl":"pkg:deb/debian/php8.2@8.2.30-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.30-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-14178"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26ab-3bt8-jkf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76926?format=json","vulnerability_id":"VCID-32yk-5b4h-4bfv","summary":"php: Fail to Escape Arguments Properly in Microsoft Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1874.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1874.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1874","reference_id":"","reference_type":"","scores":[{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.9843","published_at":"2026-05-15T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98404","published_at":"2026-04-09T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98407","published_at":"2026-04-13T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98412","published_at":"2026-04-21T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98416","published_at":"2026-04-29T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.9842","published_at":"2026-05-05T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98421","published_at":"2026-05-07T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98423","published_at":"2026-05-11T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98425","published_at":"2026-05-12T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98429","published_at":"2026-05-14T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98394","published_at":"2026-04-02T12:55:00Z"},{"value":"0.63376","scoring_system":"epss","scoring_elements":"0.98397","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1874"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/07/1","reference_id":"1","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/12/11","reference_id":"11","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/12/11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267262","reference_id":"2267262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267262"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7","reference_id":"GHSA-pc52-254m-w9w7","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0009/","reference_id":"ntap-20240510-0009","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0009/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/","reference_id":"PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/","reference_id":"W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-29T13:05:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-1874"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32yk-5b4h-4bfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72685?format=json","vulnerability_id":"VCID-341r-8amt-z7dr","summary":"php: Configuring a proxy in a stream context might allow for CRLF injection in URIs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11234.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11234.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11234","reference_id":"","reference_type":"","scores":[{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78716","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78635","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.7865","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78647","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78662","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78702","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78541","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78571","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01153","scoring_system":"epss","scoring_elements":"0.78578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01559","scoring_system":"epss","scoring_elements":"0.81462","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01559","scoring_system":"epss","scoring_elements":"0.81434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02098","scoring_system":"epss","scoring_elements":"0.84011","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02098","scoring_system":"epss","scoring_elements":"0.83996","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688","reference_id":"1088688","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328523","reference_id":"2328523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328523"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2","reference_id":"GHSA-c5f2-jwm7-mmq2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-24T12:32:39Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7157-1/","reference_id":"USN-7157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-1/"},{"reference_url":"https://usn.ubuntu.com/7157-3/","reference_id":"USN-7157-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935113?format=json","purl":"pkg:deb/debian/php8.2@8.2.26-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.26-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-11234"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-341r-8amt-z7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65494?format=json","vulnerability_id":"VCID-46m1-33z3-ruhk","summary":"php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14180","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10018","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10051","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10127","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10227","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1004","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10147","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10123","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1219","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12078","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11992","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12129","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12186","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12166","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15244","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15255","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14180"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574","reference_id":"1123574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425627","reference_id":"2425627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425627"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj","reference_id":"GHSA-8xr5-qppj-gvwj","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T15:59:59Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1169","reference_id":"RHSA-2026:1169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1185","reference_id":"RHSA-2026:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1187","reference_id":"RHSA-2026:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1190","reference_id":"RHSA-2026:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1409","reference_id":"RHSA-2026:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1412","reference_id":"RHSA-2026:1412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1429","reference_id":"RHSA-2026:1429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1628","reference_id":"RHSA-2026:1628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7614","reference_id":"RHSA-2026:7614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7614"},{"reference_url":"https://usn.ubuntu.com/7953-1/","reference_id":"USN-7953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935118?format=json","purl":"pkg:deb/debian/php8.2@8.2.30-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.30-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-14180"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46m1-33z3-ruhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35779?format=json","vulnerability_id":"VCID-53h9-y2ns-jfh1","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8927.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8927","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63791","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63705","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63731","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63783","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63596","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63622","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63581","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63664","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63653","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63677","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63646","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63689","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63741","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317051","reference_id":"2317051","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317051"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp","reference_id":"GHSA-94p6-54jq-9mwp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:50:40Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp"},{"reference_url":"https://security.gentoo.org/glsa/202501-11","reference_id":"GLSA-202501-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10949","reference_id":"RHSA-2024:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10950","reference_id":"RHSA-2024:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10951","reference_id":"RHSA-2024:10951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://usn.ubuntu.com/7049-1/","reference_id":"USN-7049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-1/"},{"reference_url":"https://usn.ubuntu.com/7049-2/","reference_id":"USN-7049-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-2/"},{"reference_url":"https://usn.ubuntu.com/7049-3/","reference_id":"USN-7049-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935116?format=json","purl":"pkg:deb/debian/php8.2@8.2.24-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.24-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-8927"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53h9-y2ns-jfh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42468?format=json","vulnerability_id":"VCID-5jts-46jw-tfdp","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5585.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5585","reference_id":"","reference_type":"","scores":[{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75465","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75321","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75312","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75351","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75354","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75363","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75392","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75417","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75396","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75403","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75459","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75257","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75234","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75308","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75275","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00874","scoring_system":"epss","scoring_elements":"0.75314","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5585"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/07/1","reference_id":"1","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/07/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291311","reference_id":"2291311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291311"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385","reference_id":"GHSA-9fcc-425m-g385","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240726-0002/","reference_id":"ntap-20240726-0002","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240726-0002/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/","reference_id":"PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/","reference_id":"W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-16T17:52:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-5585"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jts-46jw-tfdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35780?format=json","vulnerability_id":"VCID-6g29-te13-kucu","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9026.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9026.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9026","reference_id":"","reference_type":"","scores":[{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75359","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.7529","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75298","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75354","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75127","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75157","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75134","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.7518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75202","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75206","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75212","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75243","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75247","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75284","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75309","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317144","reference_id":"2317144","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317144"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5","reference_id":"GHSA-865w-9rf3-2wh5","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:47:58Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5"},{"reference_url":"https://security.gentoo.org/glsa/202501-11","reference_id":"GLSA-202501-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10949","reference_id":"RHSA-2024:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10950","reference_id":"RHSA-2024:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10951","reference_id":"RHSA-2024:10951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://usn.ubuntu.com/7049-1/","reference_id":"USN-7049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935116?format=json","purl":"pkg:deb/debian/php8.2@8.2.24-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.24-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-9026"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g29-te13-kucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72686?format=json","vulnerability_id":"VCID-7151-69v8-cqaj","summary":"php: Integer overflow in the firebird and dblib quoters causing OOB writes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11236.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11236.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11236","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55628","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55624","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55653","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55665","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63521","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63432","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63459","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63511","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63391","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63368","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63387","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63398","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63371","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63415","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63468","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11236"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688","reference_id":"1088688","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328522","reference_id":"2328522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328522"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv","reference_id":"GHSA-5hqh-c84r-qjcv","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-24T12:32:23Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv"},{"reference_url":"https://usn.ubuntu.com/7153-1/","reference_id":"USN-7153-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7153-1/"},{"reference_url":"https://usn.ubuntu.com/7157-1/","reference_id":"USN-7157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935113?format=json","purl":"pkg:deb/debian/php8.2@8.2.26-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.26-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-11236"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7151-69v8-cqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68810?format=json","vulnerability_id":"VCID-7qqj-hp6m-z7bh","summary":"php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6491","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45447","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48623","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48569","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48566","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48587","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4856","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48573","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48618","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48576","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48572","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50687","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50634","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50713","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73676","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73734","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73741","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73692","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73653","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378690","reference_id":"2378690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378690"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x","reference_id":"GHSA-453j-q27h-5p8x","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:59:51Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23309","reference_id":"RHSA-2025:23309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1409","reference_id":"RHSA-2026:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1412","reference_id":"RHSA-2026:1412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7648-1/","reference_id":"USN-7648-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-1/"},{"reference_url":"https://usn.ubuntu.com/7648-2/","reference_id":"USN-7648-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-6491"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqj-hp6m-z7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356792?format=json","vulnerability_id":"VCID-8qkp-bc9v-3ua6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7263","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12861","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12764","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1279","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12855","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7263"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733","reference_id":"GHSA-4jhr-8w89-j733","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:04:22Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-7263"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qkp-bc9v-3ua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72684?format=json","vulnerability_id":"VCID-9byf-ymwr-eug8","summary":"php: Single byte overread with convert.quoted-printable-decode filter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11233.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11233","reference_id":"","reference_type":"","scores":[{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72812","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72725","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.7275","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72804","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72577","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72615","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72651","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72633","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72676","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72667","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72709","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72719","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72737","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72762","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688","reference_id":"1088688","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328521","reference_id":"2328521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328521"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43","reference_id":"GHSA-r977-prxv-hc43","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-24T12:32:59Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7157-1/","reference_id":"USN-7157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-1/"},{"reference_url":"https://usn.ubuntu.com/7157-3/","reference_id":"USN-7157-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935113?format=json","purl":"pkg:deb/debian/php8.2@8.2.26-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.26-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-11233"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9byf-ymwr-eug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42459?format=json","vulnerability_id":"VCID-9p3x-8hp1-2bge","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0568.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0568","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36073","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36055","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40208","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40276","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40295","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40198","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40223","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40634","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40644","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40625","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40653","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40622","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40443","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40348","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368","reference_id":"1031368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170770","reference_id":"2170770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170770"},{"reference_url":"https://bugs.php.net/bug.php?id=81746","reference_id":"bug.php?id=81746","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/"}],"url":"https://bugs.php.net/bug.php?id=81746"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230517-0001/","reference_id":"ntap-20230517-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:56:58Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230517-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/5902-1/","reference_id":"USN-5902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5902-1/"},{"reference_url":"https://usn.ubuntu.com/5905-1/","reference_id":"USN-5905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5905-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935110?format=json","purl":"pkg:deb/debian/php8.2@8.2.4-1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.4-1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2023-0568"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9p3x-8hp1-2bge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78305?format=json","vulnerability_id":"VCID-a21g-6nbb-fbb1","summary":"php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3247","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46145","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46094","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46149","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46071","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4608","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46022","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45921","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46089","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46036","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46092","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59869","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5991","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59975","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59985","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59927","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59884","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219290","reference_id":"2219290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219290"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw","reference_id":"GHSA-76gg-c692-v2mw","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T19:41:48Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/6199-1/","reference_id":"USN-6199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6199-1/"},{"reference_url":"https://usn.ubuntu.com/6199-2/","reference_id":"USN-6199-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6199-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935111?format=json","purl":"pkg:deb/debian/php8.2@8.2.7-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.7-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2023-3247"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a21g-6nbb-fbb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70597?format=json","vulnerability_id":"VCID-bf18-3zx5-f7gr","summary":"php: Header parser of http stream wrapper does not handle folded headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1217","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2253","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22487","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2698","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27094","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27097","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27053","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26979","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42347","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43752","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43733","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43701","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43638","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43669","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43814","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43736","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43609","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43684","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355917","reference_id":"2355917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355917"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g","reference_id":"GHSA-v8xr-gpvj-cx9g","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:23:16Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7418","reference_id":"RHSA-2025:7418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7431","reference_id":"RHSA-2025:7431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7489","reference_id":"RHSA-2025:7489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7400-1/","reference_id":"USN-7400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7400-1/"},{"reference_url":"https://usn.ubuntu.com/7645-1/","reference_id":"USN-7645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7645-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935117?format=json","purl":"pkg:deb/debian/php8.2@8.2.28-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.28-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1217"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bf18-3zx5-f7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357649?format=json","vulnerability_id":"VCID-bz2k-w3ps-afht","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14179","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08437","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08429","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08765","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08792","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm","reference_id":"GHSA-w476-322c-wpvm","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T15:23:23Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-14179"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz2k-w3ps-afht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42465?format=json","vulnerability_id":"VCID-dmvz-493v-mfdr","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3096.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3096","reference_id":"","reference_type":"","scores":[{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77936","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77809","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77822","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77852","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77871","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.7786","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77878","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77923","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.7767","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77697","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.7768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77708","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77713","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77724","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77723","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.7776","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77759","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.77753","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/12/11","reference_id":"11","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/12/11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275061","reference_id":"2275061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275061"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr","reference_id":"GHSA-h746-cjrr-wfmr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0010/","reference_id":"ntap-20240510-0010","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T15:14:15Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10949","reference_id":"RHSA-2024:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10950","reference_id":"RHSA-2024:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10951","reference_id":"RHSA-2024:10951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://usn.ubuntu.com/6757-1/","reference_id":"USN-6757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6757-1/"},{"reference_url":"https://usn.ubuntu.com/6757-2/","reference_id":"USN-6757-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6757-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935112?format=json","purl":"pkg:deb/debian/php8.2@8.2.18-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.18-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-3096"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmvz-493v-mfdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42463?format=json","vulnerability_id":"VCID-dqb9-fgsz-rycp","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2756","reference_id":"","reference_type":"","scores":[{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.92021","published_at":"2026-05-15T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91955","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91958","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91953","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91966","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91979","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91989","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.9199","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91997","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.92012","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91909","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91917","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91923","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91936","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91942","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91945","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91944","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91941","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.9196","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07745","scoring_system":"epss","scoring_elements":"0.91957","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/12/11","reference_id":"11","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/12/11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275058","reference_id":"2275058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275058"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4","reference_id":"GHSA-wpj3-hf5j-x4v4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0008/","reference_id":"ntap-20240510-0008","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T17:19:19Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10949","reference_id":"RHSA-2024:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10950","reference_id":"RHSA-2024:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10951","reference_id":"RHSA-2024:10951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://usn.ubuntu.com/6757-1/","reference_id":"USN-6757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6757-1/"},{"reference_url":"https://usn.ubuntu.com/6757-2/","reference_id":"USN-6757-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6757-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935112?format=json","purl":"pkg:deb/debian/php8.2@8.2.18-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.18-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-2756"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqb9-fgsz-rycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42467?format=json","vulnerability_id":"VCID-e16f-4ynx-fqb9","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5458","reference_id":"","reference_type":"","scores":[{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87869","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87741","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87753","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87752","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87768","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87775","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87787","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87802","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.8782","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87817","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87831","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87862","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87695","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87707","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87709","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.8773","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87736","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03579","scoring_system":"epss","scoring_elements":"0.87747","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/07/1","reference_id":"1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/07/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072885","reference_id":"1072885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072885"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291252","reference_id":"2291252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291252"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w","reference_id":"GHSA-w8qr-v226-r27w","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240726-0001/","reference_id":"ntap-20240726-0001","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240726-0001/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/","reference_id":"PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10949","reference_id":"RHSA-2024:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10950","reference_id":"RHSA-2024:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10951","reference_id":"RHSA-2024:10951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://usn.ubuntu.com/6841-1/","reference_id":"USN-6841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6841-1/"},{"reference_url":"https://usn.ubuntu.com/6841-2/","reference_id":"USN-6841-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6841-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/","reference_id":"W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-10T19:55:47Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935115?format=json","purl":"pkg:deb/debian/php8.2@8.2.20-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.20-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-5458"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e16f-4ynx-fqb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79236?format=json","vulnerability_id":"VCID-fhh6-shuh-v3am","summary":"php: potential buffer overflow in php_cli_server_startup_workers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4900.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4900","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20282","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20339","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20063","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20144","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20202","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20182","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20124","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20121","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2012","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20003","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19998","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19876","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2004","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20009","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20033","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20123","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4900"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179880","reference_id":"2179880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0848","reference_id":"RHSA-2023:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0848"},{"reference_url":"https://usn.ubuntu.com/6757-1/","reference_id":"USN-6757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6757-1/"},{"reference_url":"https://usn.ubuntu.com/6757-2/","reference_id":"USN-6757-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6757-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2022-4900"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhh6-shuh-v3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68662?format=json","vulnerability_id":"VCID-fyhr-st6h-eker","summary":"php: PHP Hostname Null Character Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1220","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1132","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15741","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1594","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15809","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15732","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15785","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17102","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17013","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17152","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35955","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36023","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36041","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36022","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35933","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379792","reference_id":"2379792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379792"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r","reference_id":"GHSA-3cr5-j632-f35r","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:46Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23309","reference_id":"RHSA-2025:23309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1409","reference_id":"RHSA-2026:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1412","reference_id":"RHSA-2026:1412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7648-1/","reference_id":"USN-7648-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-1/"},{"reference_url":"https://usn.ubuntu.com/7648-2/","reference_id":"USN-7648-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1220"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyhr-st6h-eker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42462?format=json","vulnerability_id":"VCID-g2sk-sa2j-dkcv","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3824.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3824","reference_id":"","reference_type":"","scores":[{"value":"0.29385","scoring_system":"epss","scoring_elements":"0.96655","published_at":"2026-05-15T12:55:00Z"},{"value":"0.29385","scoring_system":"epss","scoring_elements":"0.96631","published_at":"2026-05-07T12:55:00Z"},{"value":"0.29385","scoring_system":"epss","scoring_elements":"0.96637","published_at":"2026-05-09T12:55:00Z"},{"value":"0.29385","scoring_system":"epss","scoring_elements":"0.96639","published_at":"2026-05-11T12:55:00Z"},{"value":"0.29385","scoring_system":"epss","scoring_elements":"0.96645","published_at":"2026-05-12T12:55:00Z"},{"value":"0.29385","scoring_system":"epss","scoring_elements":"0.96653","published_at":"2026-05-14T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96841","published_at":"2026-04-12T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96842","published_at":"2026-04-13T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96853","published_at":"2026-04-18T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96855","published_at":"2026-04-21T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96856","published_at":"2026-04-24T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96858","published_at":"2026-04-26T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96861","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96867","published_at":"2026-05-05T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.96837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.32366","scoring_system":"epss","scoring_elements":"0.9684","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34999","scoring_system":"epss","scoring_elements":"0.97009","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34999","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34999","scoring_system":"epss","scoring_elements":"0.97005","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477","reference_id":"1043477","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230101","reference_id":"2230101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230101"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/6305-1/","reference_id":"USN-6305-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6305-1/"},{"reference_url":"https://usn.ubuntu.com/6305-2/","reference_id":"USN-6305-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6305-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935112?format=json","purl":"pkg:deb/debian/php8.2@8.2.18-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.18-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2023-3824"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2sk-sa2j-dkcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356791?format=json","vulnerability_id":"VCID-g5g6-nctv-kkfv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7259","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10774","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10766","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13358","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13388","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7259"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75","reference_id":"GHSA-wm6j-2649-pv75","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:12:58Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-7259"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5g6-nctv-kkfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42461?format=json","vulnerability_id":"VCID-gu2y-9qzw-8ke4","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3823.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3823","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56953","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56975","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57002","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57012","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56991","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56968","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5691","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56928","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56912","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56866","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69726","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69693","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69771","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69782","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69696","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69722","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477","reference_id":"1043477","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2229396","reference_id":"2229396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2229396"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/6305-1/","reference_id":"USN-6305-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6305-1/"},{"reference_url":"https://usn.ubuntu.com/6305-2/","reference_id":"USN-6305-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6305-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935112?format=json","purl":"pkg:deb/debian/php8.2@8.2.18-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.18-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2023-3823"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gu2y-9qzw-8ke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42458?format=json","vulnerability_id":"VCID-h7pk-y5gm-kyg7","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0567","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13354","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13159","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13236","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13263","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1334","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17394","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1787","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17624","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17712","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17773","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17746","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17645","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17654","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17692","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17603","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1758","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17532","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368","reference_id":"1031368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170771","reference_id":"2170771","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170771"},{"reference_url":"https://bugs.php.net/bug.php?id=81744","reference_id":"bug.php?id=81744","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T15:34:47Z/"}],"url":"https://bugs.php.net/bug.php?id=81744"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4","reference_id":"GHSA-7fj2-8x79-rjf4","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-01T15:34:47Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://usn.ubuntu.com/5902-1/","reference_id":"USN-5902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5902-1/"},{"reference_url":"https://usn.ubuntu.com/6053-1/","reference_id":"USN-6053-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6053-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935110?format=json","purl":"pkg:deb/debian/php8.2@8.2.4-1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.4-1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2023-0567"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7pk-y5gm-kyg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75372?format=json","vulnerability_id":"VCID-j3zk-dv2g-77cv","summary":"php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2408.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2408","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48904","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48827","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48742","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48804","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48832","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48779","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4881","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48886","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48844","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48824","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48878","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48865","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48874","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48922","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48918","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48879","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48867","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48876","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270358","reference_id":"2270358","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270358"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864","reference_id":"GHSA-hh26-4ppw-5864","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:58:06Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/","reference_id":"PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:58:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7877","reference_id":"RHSA-2023:7877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7877"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/","reference_id":"W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:58:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935114?format=json","purl":"pkg:deb/debian/php8.2@8.2.18-1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.18-1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-2408"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3zk-dv2g-77cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42457?format=json","vulnerability_id":"VCID-mtw1-k8na-2udv","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31631","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.6876","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68748","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71555","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71695","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71727","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71724","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71573","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71596","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71619","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.7163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71635","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71616","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71671","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71675","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71661","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2158791","reference_id":"2158791","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2158791"},{"reference_url":"https://bugs.php.net/bug.php?id=81740","reference_id":"bug.php?id=81740","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-13T16:06:19Z/"}],"url":"https://bugs.php.net/bug.php?id=81740"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0848","reference_id":"RHSA-2023:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0965","reference_id":"RHSA-2023:0965","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2417","reference_id":"RHSA-2023:2417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2903","reference_id":"RHSA-2023:2903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2903"},{"reference_url":"https://usn.ubuntu.com/5818-1/","reference_id":"USN-5818-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5818-1/"},{"reference_url":"https://usn.ubuntu.com/5905-1/","reference_id":"USN-5905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5905-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935108?format=json","purl":"pkg:deb/debian/php8.2@8.2.1-1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.1-1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2022-31631"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtw1-k8na-2udv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70593?format=json","vulnerability_id":"VCID-nrnn-pgxj-xugg","summary":"php: Stream HTTP wrapper truncates redirect location to 1024 bytes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1861","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72086","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72065","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76197","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76111","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76144","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76157","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76155","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.762","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0098","scoring_system":"epss","scoring_elements":"0.76802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77537","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77522","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77469","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77458","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77476","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77393","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77398","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77419","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0103","scoring_system":"epss","scoring_elements":"0.77447","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356046","reference_id":"2356046","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356046"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff","reference_id":"GHSA-52jp-hrpf-2jff","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:55:53Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7418","reference_id":"RHSA-2025:7418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7431","reference_id":"RHSA-2025:7431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7489","reference_id":"RHSA-2025:7489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7400-1/","reference_id":"USN-7400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7400-1/"},{"reference_url":"https://usn.ubuntu.com/7645-1/","reference_id":"USN-7645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7645-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935117?format=json","purl":"pkg:deb/debian/php8.2@8.2.28-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.28-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1861"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrnn-pgxj-xugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356793?format=json","vulnerability_id":"VCID-q27d-hsgm-nugm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6722","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45313","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45296","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52813","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52839","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5","reference_id":"GHSA-85c2-q967-79q5","reference_type":"","scores":[{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T13:08:41Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-6722"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q27d-hsgm-nugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356788?format=json","vulnerability_id":"VCID-qnmd-zzyr-n3cz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7258.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7258.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7258","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02094","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02117","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0253","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02523","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468561","reference_id":"2468561","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468561"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4","reference_id":"GHSA-m8rr-4c36-8gq4","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:05:55Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-7258"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnmd-zzyr-n3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356795?format=json","vulnerability_id":"VCID-qrdh-3hu3-f3h1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6735","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08266","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1454","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14583","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv","reference_id":"GHSA-7qg2-v9fj-4mwv","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:25:43Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-6735"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrdh-3hu3-f3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42464?format=json","vulnerability_id":"VCID-qymx-je6t-23a6","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2757.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2757","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70373","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70266","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70241","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70283","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70316","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70285","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70312","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70362","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70126","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70141","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70118","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70205","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7019","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70178","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7022","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70208","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70268","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/12/11","reference_id":"11","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T11:27:03Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/12/11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275068","reference_id":"2275068","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275068"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq","reference_id":"GHSA-fjp9-9hwx-59fq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T11:27:03Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0011/","reference_id":"ntap-20240510-0011","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T11:27:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-2757"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qymx-je6t-23a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70594?format=json","vulnerability_id":"VCID-qyx5-b321-2udm","summary":"php: Stream HTTP wrapper header check might omit basic auth header","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1736","reference_id":"","reference_type":"","scores":[{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65377","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65351","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00519","scoring_system":"epss","scoring_elements":"0.66802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68003","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.67868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.67878","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.67883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.67857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.679","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.6794","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.67909","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.67934","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.6799","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70738","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70701","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70731","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70679","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.70718","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356041","reference_id":"2356041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356041"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528","reference_id":"GHSA-hgf5-96fm-v528","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:57:12Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7418","reference_id":"RHSA-2025:7418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7431","reference_id":"RHSA-2025:7431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7489","reference_id":"RHSA-2025:7489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7400-1/","reference_id":"USN-7400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7400-1/"},{"reference_url":"https://usn.ubuntu.com/7645-1/","reference_id":"USN-7645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7645-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935117?format=json","purl":"pkg:deb/debian/php8.2@8.2.28-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.28-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1736"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyx5-b321-2udm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65492?format=json","vulnerability_id":"VCID-rh5h-at8n-bfdj","summary":"php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14177","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18706","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18455","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18761","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18477","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18613","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18464","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18387","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18371","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21788","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21811","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2176","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21669","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2174","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21817","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23449","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30534","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14177"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574","reference_id":"1123574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425626","reference_id":"2425626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425626"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7","reference_id":"GHSA-3237-qqm7-mfv7","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:01:25Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1409","reference_id":"RHSA-2026:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1412","reference_id":"RHSA-2026:1412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1429","reference_id":"RHSA-2026:1429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1628","reference_id":"RHSA-2026:1628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2799","reference_id":"RHSA-2026:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7614","reference_id":"RHSA-2026:7614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7614"},{"reference_url":"https://usn.ubuntu.com/7953-1/","reference_id":"USN-7953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935118?format=json","purl":"pkg:deb/debian/php8.2@8.2.30-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.30-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-14177"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh5h-at8n-bfdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356787?format=json","vulnerability_id":"VCID-ru6p-2zj7-a7gg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6104","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02529","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02534","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03819","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03807","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6104"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53","reference_id":"GHSA-74r9-qxhc-fx53","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:04:44Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-6104"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ru6p-2zj7-a7gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70596?format=json","vulnerability_id":"VCID-t862-kese-z7ae","summary":"php: libxml streams use wrong content-type header when requesting a redirected resource","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1219","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2057","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20803","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20522","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20657","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20583","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20568","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25048","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25805","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25778","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25757","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25684","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25702","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25793","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25786","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25629","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25696","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356043","reference_id":"2356043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356043"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc","reference_id":"GHSA-p3x9-6h7p-cgfc","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:10:21Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7418","reference_id":"RHSA-2025:7418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7431","reference_id":"RHSA-2025:7431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7489","reference_id":"RHSA-2025:7489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7400-1/","reference_id":"USN-7400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7400-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935117?format=json","purl":"pkg:deb/debian/php8.2@8.2.28-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.28-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1219"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t862-kese-z7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356790?format=json","vulnerability_id":"VCID-tv6y-3fx4-rkf4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7261","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12824","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12853","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13932","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13929","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q","reference_id":"GHSA-m33r-qmcv-p97q","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:14:14Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-7261"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv6y-3fx4-rkf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72688?format=json","vulnerability_id":"VCID-ugx8-uqup-n3b4","summary":"php: OOB access in ldap_escape","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8932.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8932","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51192","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51214","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51137","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51118","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.5117","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51173","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59375","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59267","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59293","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59365","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59237","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5928","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59261","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59204","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59252","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59309","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688","reference_id":"1088688","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327961","reference_id":"2327961","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327961"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff","reference_id":"GHSA-g665-fm4p-vhff","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-22T17:41:35Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff"},{"reference_url":"https://usn.ubuntu.com/7157-1/","reference_id":"USN-7157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-1/"},{"reference_url":"https://usn.ubuntu.com/7157-2/","reference_id":"USN-7157-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-2/"},{"reference_url":"https://usn.ubuntu.com/7157-3/","reference_id":"USN-7157-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7157-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935113?format=json","purl":"pkg:deb/debian/php8.2@8.2.26-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.26-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-8932"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugx8-uqup-n3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70595?format=json","vulnerability_id":"VCID-uqrh-9nue-rqgx","summary":"php: Streams HTTP wrapper does not fail for headers with invalid name and no colon","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1734","reference_id":"","reference_type":"","scores":[{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59618","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59571","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.5954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59591","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59625","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0072","scoring_system":"epss","scoring_elements":"0.72513","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73462","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73456","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73416","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73375","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73398","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73362","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73374","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73371","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73366","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00757","scoring_system":"epss","scoring_elements":"0.73392","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356042","reference_id":"2356042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356042"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44","reference_id":"GHSA-pcmh-g36c-qc44","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T14:21:51Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15687","reference_id":"RHSA-2025:15687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4263","reference_id":"RHSA-2025:4263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7418","reference_id":"RHSA-2025:7418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7431","reference_id":"RHSA-2025:7431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7432","reference_id":"RHSA-2025:7432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7489","reference_id":"RHSA-2025:7489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7400-1/","reference_id":"USN-7400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7400-1/"},{"reference_url":"https://usn.ubuntu.com/7645-1/","reference_id":"USN-7645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7645-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935117?format=json","purl":"pkg:deb/debian/php8.2@8.2.28-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.28-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1734"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqrh-9nue-rqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68809?format=json","vulnerability_id":"VCID-uush-g6k9-9ffm","summary":"php: pgsql extension does not check for errors during escaping","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1735","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33187","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33052","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35532","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35525","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35558","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35514","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35493","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35522","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35471","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35234","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35211","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36625","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36693","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69338","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.6935","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69298","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.6929","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378689","reference_id":"2378689","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378689"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3","reference_id":"GHSA-hrwm-9436-5mv3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:08Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23309","reference_id":"RHSA-2025:23309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1409","reference_id":"RHSA-2026:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1412","reference_id":"RHSA-2026:1412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2470","reference_id":"RHSA-2026:2470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2470"},{"reference_url":"https://usn.ubuntu.com/7648-1/","reference_id":"USN-7648-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-1/"},{"reference_url":"https://usn.ubuntu.com/7648-2/","reference_id":"USN-7648-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-2/"},{"reference_url":"https://usn.ubuntu.com/7648-3/","reference_id":"USN-7648-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7648-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2025-1735"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uush-g6k9-9ffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35778?format=json","vulnerability_id":"VCID-v42g-pabn-yqe7","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8925.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8925.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8925","reference_id":"","reference_type":"","scores":[{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85207","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85149","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85163","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85197","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.84978","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.84995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85022","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.8504","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85064","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85085","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85092","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85107","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85132","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02395","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8925"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317049","reference_id":"2317049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317049"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32","reference_id":"GHSA-9pqp-7h25-4f32","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:56:50Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32"},{"reference_url":"https://security.gentoo.org/glsa/202501-11","reference_id":"GLSA-202501-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10949","reference_id":"RHSA-2024:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10950","reference_id":"RHSA-2024:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10951","reference_id":"RHSA-2024:10951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10952","reference_id":"RHSA-2024:10952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7315","reference_id":"RHSA-2025:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7315"},{"reference_url":"https://usn.ubuntu.com/7049-1/","reference_id":"USN-7049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-1/"},{"reference_url":"https://usn.ubuntu.com/7049-2/","reference_id":"USN-7049-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-2/"},{"reference_url":"https://usn.ubuntu.com/7049-3/","reference_id":"USN-7049-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7049-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935116?format=json","purl":"pkg:deb/debian/php8.2@8.2.24-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.24-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-8925"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v42g-pabn-yqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73710?format=json","vulnerability_id":"VCID-vfx1-jn3w-1fb9","summary":"php: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8926.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8926","reference_id":"","reference_type":"","scores":[{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.86069","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.86008","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.86021","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.86059","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85851","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85868","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85872","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85891","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.859","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85915","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85913","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85907","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85925","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.8593","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85921","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85942","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85951","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.8597","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85992","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.8601","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8926"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317050","reference_id":"2317050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317050"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq","reference_id":"GHSA-p99j-rfp4-xqvq","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T12:55:27Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935116?format=json","purl":"pkg:deb/debian/php8.2@8.2.24-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.24-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-8926"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfx1-jn3w-1fb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42460?format=json","vulnerability_id":"VCID-vz8y-te3y-gqhp","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0662.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0662","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39548","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44424","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44091","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44169","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44186","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44126","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44156","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4438","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44438","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44455","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44479","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44297","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44301","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44218","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0662"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368","reference_id":"1031368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170761","reference_id":"2170761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170761"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv","reference_id":"GHSA-54hq-v5wp-fqgv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230517-0001/","reference_id":"ntap-20230517-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:57:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230517-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5926","reference_id":"RHSA-2023:5926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5927","reference_id":"RHSA-2023:5927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0387","reference_id":"RHSA-2024:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0387"},{"reference_url":"https://usn.ubuntu.com/5902-1/","reference_id":"USN-5902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5902-1/"},{"reference_url":"https://usn.ubuntu.com/5905-1/","reference_id":"USN-5905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5905-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935110?format=json","purl":"pkg:deb/debian/php8.2@8.2.4-1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.4-1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2023-0662"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vz8y-te3y-gqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356789?format=json","vulnerability_id":"VCID-wkxs-uxy4-aycc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7568","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1292","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12824","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12853","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12911","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054","reference_id":"1136054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57","reference_id":"GHSA-96wq-48vp-hh57","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:25:08Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/1108358?format=json","purl":"pkg:deb/debian/php8.2@8.2.31-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.31-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2026-7568"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkxs-uxy4-aycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42466?format=json","vulnerability_id":"VCID-x2s3-ku1g-gfgh","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4577.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4577","reference_id":"","reference_type":"","scores":[{"value":"0.94374","scoring_system":"epss","scoring_elements":"0.99967","published_at":"2026-05-15T12:55:00Z"},{"value":"0.94374","scoring_system":"epss","scoring_elements":"0.99966","published_at":"2026-04-18T12:55:00Z"},{"value":"0.94393","scoring_system":"epss","scoring_elements":"0.99973","published_at":"2026-04-29T12:55:00Z"},{"value":"0.94393","scoring_system":"epss","scoring_elements":"0.99972","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4577"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/07/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/07/1"},{"reference_url":"https://github.com/rapid7/metasploit-framework/pull/19247","reference_id":"19247","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://github.com/rapid7/metasploit-framework/pull/19247"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291281","reference_id":"2291281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291281"},{"reference_url":"https://isc.sans.edu/diary/30994","reference_id":"30994","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://isc.sans.edu/diary/30994"},{"reference_url":"https://www.php.net/ChangeLog-8.php#8.1.29","reference_id":"ChangeLog-8.php#8.1.29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://www.php.net/ChangeLog-8.php#8.1.29"},{"reference_url":"https://www.php.net/ChangeLog-8.php#8.2.20","reference_id":"ChangeLog-8.php#8.2.20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://www.php.net/ChangeLog-8.php#8.2.20"},{"reference_url":"https://www.php.net/ChangeLog-8.php#8.3.8","reference_id":"ChangeLog-8.php#8.3.8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://www.php.net/ChangeLog-8.php#8.3.8"},{"reference_url":"https://github.com/11whoami99/CVE-2024-4577","reference_id":"CVE-2024-4577","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://github.com/11whoami99/CVE-2024-4577"},{"reference_url":"https://github.com/watchtowrlabs/CVE-2024-4577","reference_id":"CVE-2024-4577","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://github.com/watchtowrlabs/CVE-2024-4577"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52331.py","reference_id":"CVE-2024-4577","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52331.py"},{"reference_url":"https://github.com/xcanwin/CVE-2024-4577-PHP-RCE","reference_id":"CVE-2024-4577-PHP-RCE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"},{"reference_url":"https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html","reference_id":"cve-2024-4577-yet-another-php-rce.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"},{"reference_url":"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv","reference_id":"GHSA-3qgc-jrrr-25jv","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"},{"reference_url":"https://security.gentoo.org/glsa/202408-32","reference_id":"GLSA-202408-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-32"},{"reference_url":"https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/","reference_id":"imperva-protects-against-critical-php-vulnerability-cve-2024-4577","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"},{"reference_url":"https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/","reference_id":"no-way-php-strikes-again-cve-2024-4577","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0008/","reference_id":"ntap-20240621-0008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0008/"},{"reference_url":"https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/","reference_id":"php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/","reference_id":"PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"},{"reference_url":"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/","reference_id":"security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/","reference_id":"W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"},{"reference_url":"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately","reference_id":"warning-php-remote-code-execution-patch-immediately","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/"}],"url":"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935109?format=json","purl":"pkg:deb/debian/php8.2@0?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm"},{"url":"http://public2.vulnerablecode.io/api/packages/935107?format=json","purl":"pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}],"aliases":["CVE-2024-4577"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2s3-ku1g-gfgh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm"}