Skip to main content
CVE-2015-0273 HIGH POC THREAT Act Now

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.2%.

RCE PHP
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
71.2%
Threat
5.1
CVE-2015-2331 HIGH POC THREAT Act Now

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Denial Of Service RCE PHP Buffer Overflow Libzip +3
NVD
CVSS 2.0
7.5
EPSS
42.7%
Threat
4.3
CVE-2015-2787 HIGH POC THREAT Act Now

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.4%.

Deserialization RCE PHP Mac Os X Enterprise Linux Desktop +6
NVD GitHub
CVSS 2.0
7.5
EPSS
36.4%
Threat
4.1
CVE-2014-9705 HIGH POC THREAT Act Now

Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.2%.

RCE PHP Buffer Overflow
NVD
CVSS 2.0
7.5
EPSS
35.2%
Threat
4.1
CVE-2015-1351 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Memory Corruption PHP Denial Of Service Use After Free Secure Backup +3
NVD
CVSS 2.0
7.5
EPSS
19.1%
CVE-2015-2301 HIGH POC THREAT Act Now

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Memory Corruption PHP Denial Of Service Use After Free Ubuntu Linux +9
NVD
CVSS 2.0
7.5
EPSS
11.2%
CVE-2015-2792 HIGH POC This Week

The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wpml
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-9653 HIGH This Week

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP File Debian Linux
NVD GitHub
CVSS 2.0
7.5
EPSS
6.8%
CVE-2015-0283 HIGH This Week

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Slapi Nis
NVD
CVSS 2.0
7.8
EPSS
1.8%
CVE-2015-2171 HIGH PATCH This Week

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Slim
NVD GitHub
CVSS 2.0
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy