In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??=  operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??=  operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??=  operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.

Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code seq ...

Reference counting in php_request_shutdown causes Use-After-Free

Уязвимость функции php_request_shutdown интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

Security update for php7

Security update for php7

Security update for php8

Security update for php8

Important: php security update

ELSA-2025-7489: php security update (IMPORTANT)

ELSA-2025-7418: php:8.3 security update (IMPORTANT)

Множественные уязвимости php 8.3

Множественные уязвимости php 8.2

Множественные уязвимости php 8.1