| CVE-2017-9841 |
critical |
— |
10.0 |
|
|
|
4y ago |
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., exte… |
| CVE-2026-41570 |
high |
7.8 |
7.8 |
|
|
|
26d ago |
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line argu… |
| CVE-2026-24765 |
unknown |
— |
— |
|
|
|
4mo ago |
PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in… |
