The Lab · 2026-03-26 04:27:06 · GitHub Issues
A critical vulnerability has been identified in the WordPress Sentinel plugin, stemming from improper handling of user input. The flaw is the plugin's failure to apply `wp_unslash()` to `$_POST` values before sanitizing them with functions like `sanitize_text_field()`. Because WordPress a...
The Lab · 2026-03-27 13:27:21 · GitHub Issues
A security advisory on GitHub highlights a potential denial-of-service (DoS) vector within a PHP data handling mechanism. The core issue is that all data processed through the `php://temp` stream is loaded into memory, with the system only defaulting to disk storage after exceeding 2 MB. This design means a very large ...
The Lab · 2026-03-28 11:27:08 · GitHub Issues
A critical security oversight has been identified in the admin interface of a PHP application. A `TODO` comment explicitly marking a missing permission check was left in the source code and the check was never implemented, potentially exposing sensitive administrative statistics to unauthorized users. The vulnerability resides in the `Abstr...
The Lab · 2026-03-31 07:26:56 · GitHub Issues
A high-severity vulnerability, CVE-2026-33416, has been automatically detected in a series of official PHP container images, exposing deployments based on Alpine Linux 3.23. The flaw originates from an outdated `libpng` library (version 1.6.55-r0) within the Alpine 3.23.3 base layer, which lacks the security fix availa...
The Lab · 2026-03-31 07:26:57 · GitHub Issues
A security scan has flagged a high-severity vulnerability, CVE-2026-33636, present in multiple production-ready PHP container images. The flaw stems from an outdated `libpng` library (version 1.6.55-r0) within the Alpine Linux 3.23.3 base image, for which a fixed version (1.6.56-r0) is available. This...
The Lab · 2026-03-31 07:26:58 · GitHub Issues
A security scan has flagged a high-severity vulnerability, CVE-2026-32636, that remains unresolved in container images built on Alpine Linux 3.23. The flaw, detected by automated Trivy scans, is present in specific PHP 8.5 images, indicating a persistent supply chain risk for developers and deployment...
The Lab · 2026-03-31 07:26:59 · GitHub Issues
A security vulnerability, CVE-2026-30937, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. An automated Trivy scan confirmed the flaw is still present even after a rebuild, indicating a deeper dependency issue within the Alpine Linux 3.23.3 base layer. The vulnerab...
The Lab · 2026-03-31 07:27:01 · GitHub Issues
A security vulnerability, CVE-2026-31853, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic patching failure within the affected software supply chain. This unresolv...
The Lab · 2026-03-31 07:27:02 · GitHub Issues
A security vulnerability, CVE-2026-30936, remains unpatched in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic issue with the underlying Alpine Linux base image. This unresolved exposur...
The Lab · 2026-03-31 07:27:03 · GitHub Issues
An automated Trivy security scan has flagged a persistent, unresolved vulnerability in critical container images. The medium-severity flaw, CVE-2026-30935, remains active in PHP 8.5 images built on the Alpine Linux 3.23.3 base, specifically affecting both the `cli` and `fpm` variants. Despite a rebuild attempt, the vul...
The Lab · 2026-03-31 07:27:04 · GitHub Issues
A critical security vulnerability, CVE-2026-30931, remains unresolved in widely used PHP container images, posing a persistent high-severity risk. An automated Trivy scan has confirmed the flaw is still present even after rebuild attempts, indicating a systemic issue within the underlying Alpine Linux 3.23.3 base layer...
The Lab · 2026-03-31 07:27:06 · GitHub Issues
A critical security vulnerability, CVE-2026-30929, remains unpatched in widely used PHP container images, exposing deployments to a high-severity risk. An automated Trivy scan has confirmed the flaw persists even after rebuild attempts, indicating a systemic issue within the upstream Alpine Linux 3.23 branch. The vulne...
The Lab · 2026-03-31 07:27:07 · GitHub Issues
A critical security vulnerability, CVE-2026-30883, remains unpatched in widely used PHP container images, posing a persistent high-severity risk. An automated Trivy scan has confirmed the flaw is still present even after rebuild attempts, indicating a systemic supply chain issue. The vulnerability is rooted in outdated...
The Lab · 2026-03-31 07:27:08 · GitHub Issues
A critical security vulnerability, CVE-2026-28691, remains unresolved in specific PHP container images, posing a persistent high-severity risk. Automated scans by Trivy have confirmed the flaw is still present even after rebuild attempts, indicating a systemic issue with the underlying base image. The vulnerability is ...
The Lab · 2026-03-31 07:27:10 · GitHub Issues
An automated security scan has flagged a persistent medium-severity vulnerability, CVE-2026-28692, within critical PHP container images. The flaw, linked to outdated ImageMagick libraries, remains unresolved even after attempted rebuilds, indicating a systemic patching failure in the software supply chain. This leaves ...
The Lab · 2026-03-31 07:27:11 · GitHub Issues
A security vulnerability, CVE-2026-28690, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic patching failure within the Alpine Linux 3.23 ecosystem. This unresolved ...
The Lab · 2026-03-31 07:27:12 · GitHub Issues
A security vulnerability, CVE-2026-28689, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic patching failure within the affected software supply chain. This unresolv...
The Lab · 2026-03-31 07:27:14 · GitHub Issues
An automated Trivy security scan has flagged an unresolved medium-severity vulnerability, CVE-2026-28686, within container images built on Alpine Linux 3.23. The vulnerability persists even after a rebuild, indicating a systemic supply chain issue affecting downstream PHP deployments. The flaw is tied to outdated Image...
The Lab · 2026-03-31 18:27:18 · GitHub Issues
A critical security flaw in the widely used PHPUnit testing framework exposes countless applications to remote code execution. The vulnerability, tracked as CVE-2026-24765, resides in the framework's handling of code coverage data during PHPT test execution. Specifically, the `cleanupForCoverage()` method deserializes ...
The Lab · 2026-04-01 08:26:59 · GitHub Issues
A Semgrep security scan has automatically flagged a critical Cross-Site Scripting (XSS) vulnerability within a PHP codebase. The finding indicates that user-controlled data is being directly output to the browser without proper sanitization, creating a direct path for potential client-side attacks. This type of flaw is...