PHP security audit reveals 27 vulnerabilities. Quarkslab nevertheless rates PHP codebase as positive. Update strongly recommended.

New exploits for a two-year-old PHP vulnerability popped up in October that allow hackers to run code on websites running vulnerable versions of the web development framework.

The PHP Group released PHP 4.3.1 and PHP 5.0.3 which plug serious security holes in implementations of the popular Web site scripting language, the group said in a statement on it's Web site.

UPDATE Developers at PHP recently pushed out a series of patches to fix a handful of vulnerabilities, including one that can lead to a heap-based buffer overflow.. Researchers at the Swiss firm ...

Exploitation of a critical-severity vulnerability affecting Windows-based PHP installations has impacted organizations in the U.S., according to a researcher at threat intelligence firm GreyNoise.

The CVE-2012-2311 vulnerability, also known as CVE-2012-1823, was publicly disclosed last week and prompted the PHP Group to release PHP 5.3.12 and PHP 5.4.2 as emergency security updates in order ...

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts ...

CVE-2024-4577, a critical argument-injection vulnerability that affects PHP installations in Windows systems, has come under widespread exploitation in several countries such as the U.S. and ...

The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP.