php8-embed (SUSE:Linux Enterprise Module for Web and Scripting 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Web and Scripting 15 SP6 package php8-embed, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (17)
CVE-2025-1861 — CVSS 9.8 (critical): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in…
CVE-2024-8932 — CVSS 9.8 (critical): In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on…
CVE-2024-11236 — CVSS 9.8 (critical): In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on…
CVE-2024-11235 — CVSS 8.1 (high): In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead…
CVE-2024-8927 — CVSS 7.5 (high): In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or…
CVE-2025-1736 — CVSS 7.3 (high): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers…
CVE-2025-1735 — CVSS 5.9 (medium): In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if…
CVE-2025-6491 — CVSS 5.9 (medium): In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP…
CVE-2024-8929 — CVSS 5.8 (medium): In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the…
CVE-2025-1734 — CVSS 5.3 (medium): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from…
CVE-2025-1219 — CVSS 5.3 (medium): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP…
CVE-2024-11233 — CVSS 4.8 (medium): In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter…
CVE-2024-11234 — CVSS 4.8 (medium): In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and…
CVE-2025-1220 — CVSS 3.7 (low): In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack…
CVE-2024-9026 — CVSS 3.3 (low): In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch…
CVE-2025-1217 — CVSS 3.1 (low): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module…
CVE-2024-8925 — CVSS 3.1 (low): In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an…