Php Security
The latest Php Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical PHP Flaw CVE-2024-11235: What Windows Admins Must Do Now
The PHP project quietly shipped a high-severity fix for a memory corruption bug in its March 2025 updates, and Windows administrators running PHP 8.3 or 8.4 need to act fast. CVE-2024-11235—a...
KnpLabs Snappy 1.4.3 Fixes Critical PHAR RCE Bypass — Update Your PHP Apps Now
A critical remote code execution vulnerability in the widely used KnpLabs snappy PHP library has been patched, but only after a previously released fix turned out to be incomplete. The flaw, tracked...
Azure Linux CVE-2024-3096: Critical PHP Password Verify Auth Bypass
A subtle yet critical vulnerability in PHP's core password verification function, tracked as CVE-2024-3096, has been disclosed, potentially allowing attackers to bypass authentication in specific...
Your Microsoft-Hosted PHP Apps Could Be at Risk from CVE-2024-2756 — Here’s How to Verify
Microsoft has confirmed that its Azure Linux distribution is affected by CVE-2024-2756, a PHP vulnerability that could allow attackers to hijack user sessions by tricking servers into accepting...
CVE-2025-14180: Critical PHP PDO PostgreSQL Vulnerability Threatens Windows Servers
A critical vulnerability in PHP's PDO PostgreSQL extension has been disclosed, posing significant risks to Windows servers running web applications with PostgreSQL databases. CVE-2025-14180...
PHP CVE-2025-14177: Critical getimagesize() Vulnerability Exposes Memory Data
A newly disclosed vulnerability in PHP's core image processing functions has security experts urging immediate patching across millions of web servers worldwide. CVE-2025-14177 represents a critical...
CVE-2025-14178: Critical PHP array_merge Heap Overflow Vulnerability Patched
A critical security vulnerability in PHP's core array_merge() function has been patched in the latest updates, addressing a heap buffer overflow that could potentially lead to remote code execution....