[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2010-2950":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":38,"duplicate_of":9,"upstream":39,"downstream":40,"duplicates":51,"related":52,"reserved_at":9,"published_at":56,"modified_at":57,"state":58,"summary":59,"references_raw":67,"kevs":124,"epss":125,"epss_history":128,"metrics":392,"affected":397},"CVE-2010-2950","Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-134","Use of Externally-Controlled Format String","The product uses a function that accepts a format string as an argument, but the format string originates from an external source.","weakness","Draft","Base","High",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-135","Format String Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-67","String Format Overflow in syslog()",[],[29],{"_key":30,"name":31,"source":32,"url":33,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":37,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_27D7CFE1676C7A09","Exploit Reference (lists.opensuse.org)","reference","http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html","unknown",0.2,false,[],[],[],[41,43,45,47,49],{"_key":42},"RHSA-2012:1046",{"_key":44},"RHSA-2012:1047",{"_key":46},"OPENSUSE-SU-2024:10290-1",{"_key":48},"OPENSUSE-SU-2024:10344-1",{"_key":50},"OPENSUSE-SU-2024:11169-1",[],[53,54,55],{"_key":46},{"_key":48},{"_key":50},"2010-09-28T17:00:00.000Z","2024-08-07T02:55:45.552Z","Modified",{"cisa_kev":36,"cisa_ransomware":36,"cisa_vendor":9,"epss_severity":60,"epss_score":61,"severity":62,"severity_score":63,"severity_version":64,"severity_source":65,"severity_vector":66,"severity_status":58},"low",0.00673,"medium",6.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:P/A:P",[68,75,80,85,90,94,98,103,108,112,116,120],{"url":69,"sources":70,"tags":72},"http://marc.info/?l=bugtraq&m=130331363227777&w=2",[71,65],"cve.org",[73,74],"Vendor Advisory","X Refsource HP",{"url":76,"sources":77,"tags":78},"http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html",[71,65],[79],"X Refsource MISC",{"url":81,"sources":82,"tags":83},"http://www.php.net/releases/5_3_4.php",[71,65],[84],"X Refsource CONFIRM",{"url":86,"sources":87,"tags":88},"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",[71,65],[73,89],"X Refsource APPLE",{"url":91,"sources":92,"tags":93},"http://www.php.net/ChangeLog-5.php",[71,65],[84],{"url":95,"sources":96,"tags":97},"http://security-tracker.debian.org/tracker/CVE-2010-2950",[71,65],[84],{"url":99,"sources":100,"tags":101},"http://www.mandriva.com/security/advisories?name=MDVSA-2010:254",[71,65],[73,102],"X Refsource MANDRIVA",{"url":33,"sources":104,"tags":105},[71,65],[73,106,107],"X Refsource SUSE","Exploit",{"url":109,"sources":110,"tags":111},"http://www.php.net/archive/2010.php#id2010-12-10-1",[71,65],[84],{"url":113,"sources":114,"tags":115},"https://bugzilla.redhat.com/show_bug.cgi?id=598537",[71,65],[84],{"url":117,"sources":118,"tags":119},"http://svn.php.net/viewvc?view=revision&revision=302565",[71,65],[84],{"url":121,"sources":122,"tags":123},"http://support.apple.com/kb/HT4581",[71,65],[84],[],{"date":126,"score":61,"percentile":127},"2026-06-04",0.71805,[129,132,135,138,141,143,146,149,152,155,158,161,164,167,170,173,176,179,182,184,187,190,193,196,199,202,204,207,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,276,279,282,285,289,292,294,297,300,303,306,309,312,315,318,321,324,327,330,332,335,338,341,344,347,350,353,356,358,360,363,366,369,372,375,377,380,383,386,389],{"date":130,"score":61,"percentile":131},"2025-11-04",0.70593,{"date":133,"score":61,"percentile":134},"2025-11-05",0.70578,{"date":136,"score":61,"percentile":137},"2025-11-06",0.70576,{"date":139,"score":61,"percentile":140},"2025-11-07",0.70591,{"date":142,"score":61,"percentile":131},"2025-11-08",{"date":144,"score":61,"percentile":145},"2025-11-09",0.70585,{"date":147,"score":61,"percentile":148},"2025-11-10",0.70571,{"date":150,"score":61,"percentile":151},"2025-11-11",0.70579,{"date":153,"score":61,"percentile":154},"2025-11-12",0.70601,{"date":156,"score":61,"percentile":157},"2025-11-13",0.70609,{"date":159,"score":61,"percentile":160},"2025-11-14",0.70616,{"date":162,"score":61,"percentile":163},"2025-11-15",0.70617,{"date":165,"score":61,"percentile":166},"2025-11-16",0.70612,{"date":168,"score":61,"percentile":169},"2025-11-17",0.70606,{"date":171,"score":61,"percentile":172},"2025-11-18",0.69092,{"date":174,"score":61,"percentile":175},"2025-11-19",0.69098,{"date":177,"score":61,"percentile":178},"2025-11-20",0.69104,{"date":180,"score":61,"percentile":181},"2025-11-21",0.70627,{"date":183,"score":61,"percentile":163},"2025-11-22",{"date":185,"score":61,"percentile":186},"2025-11-23",0.70598,{"date":188,"score":61,"percentile":189},"2025-11-24",0.70592,{"date":191,"score":61,"percentile":192},"2025-11-25",0.70595,{"date":194,"score":61,"percentile":195},"2025-11-26",0.706,{"date":197,"score":61,"percentile":198},"2025-11-27",0.70599,{"date":200,"score":61,"percentile":201},"2025-11-28",0.70588,{"date":203,"score":61,"percentile":137},"2025-11-29",{"date":205,"score":61,"percentile":206},"2025-11-30",0.70569,{"date":208,"score":209,"percentile":210},"2025-12-01",0.00314,0.54138,{"date":212,"score":209,"percentile":213},"2025-12-02",0.54154,{"date":215,"score":209,"percentile":216},"2025-12-03",0.54149,{"date":218,"score":61,"percentile":219},"2025-12-04",0.70575,{"date":221,"score":61,"percentile":222},"2025-12-05",0.70587,{"date":224,"score":61,"percentile":225},"2025-12-06",0.7059,{"date":227,"score":61,"percentile":228},"2025-12-07",0.70589,{"date":230,"score":61,"percentile":231},"2025-12-08",0.70594,{"date":233,"score":61,"percentile":234},"2025-12-09",0.70626,{"date":236,"score":61,"percentile":237},"2025-12-10",0.70661,{"date":239,"score":61,"percentile":240},"2025-12-11",0.70683,{"date":242,"score":61,"percentile":243},"2025-12-12",0.70708,{"date":245,"score":61,"percentile":246},"2025-12-13",0.70709,{"date":248,"score":61,"percentile":249},"2025-12-14",0.7071,{"date":251,"score":61,"percentile":252},"2025-12-15",0.70706,{"date":254,"score":61,"percentile":255},"2025-12-16",0.70714,{"date":257,"score":61,"percentile":258},"2025-12-17",0.7073,{"date":260,"score":61,"percentile":261},"2025-12-18",0.70755,{"date":263,"score":61,"percentile":264},"2025-12-19",0.7077,{"date":266,"score":61,"percentile":267},"2025-12-20",0.70768,{"date":269,"score":61,"percentile":270},"2025-12-21",0.70763,{"date":272,"score":61,"percentile":273},"2025-12-22",0.70762,{"date":275,"score":61,"percentile":273},"2025-12-23",{"date":277,"score":61,"percentile":278},"2025-12-24",0.70771,{"date":280,"score":61,"percentile":281},"2025-12-25",0.70796,{"date":283,"score":61,"percentile":284},"2025-12-26",0.70797,{"date":286,"score":287,"percentile":288},"2025-12-27",0.0047,0.6398,{"date":290,"score":61,"percentile":291},"2025-12-28",0.70767,{"date":293,"score":61,"percentile":270},"2025-12-29",{"date":295,"score":61,"percentile":296},"2025-12-30",0.70779,{"date":298,"score":61,"percentile":299},"2025-12-31",0.70801,{"date":301,"score":209,"percentile":302},"2026-01-01",0.54309,{"date":304,"score":209,"percentile":305},"2026-01-02",0.54288,{"date":307,"score":209,"percentile":308},"2026-01-03",0.54281,{"date":310,"score":61,"percentile":311},"2026-01-04",0.70802,{"date":313,"score":61,"percentile":314},"2026-01-05",0.70795,{"date":316,"score":61,"percentile":317},"2026-01-06",0.708,{"date":319,"score":61,"percentile":320},"2026-01-07",0.70816,{"date":322,"score":61,"percentile":323},"2026-01-08",0.70835,{"date":325,"score":61,"percentile":326},"2026-01-09",0.70843,{"date":328,"score":61,"percentile":329},"2026-01-10",0.7084,{"date":331,"score":61,"percentile":323},"2026-01-11",{"date":333,"score":61,"percentile":334},"2026-01-12",0.70825,{"date":336,"score":61,"percentile":337},"2026-01-13",0.70823,{"date":339,"score":61,"percentile":340},"2026-01-14",0.70846,{"date":342,"score":61,"percentile":343},"2026-01-15",0.70851,{"date":345,"score":61,"percentile":346},"2026-01-16",0.70869,{"date":348,"score":61,"percentile":349},"2026-01-17",0.70862,{"date":351,"score":61,"percentile":352},"2026-01-18",0.70842,{"date":354,"score":61,"percentile":355},"2026-01-19",0.70834,{"date":357,"score":61,"percentile":352},"2026-01-20",{"date":359,"score":61,"percentile":340},"2026-01-21",{"date":361,"score":61,"percentile":362},"2026-01-22",0.70859,{"date":364,"score":61,"percentile":365},"2026-01-23",0.7089,{"date":367,"score":61,"percentile":368},"2026-01-24",0.70896,{"date":370,"score":61,"percentile":371},"2026-01-25",0.70871,{"date":373,"score":61,"percentile":374},"2026-01-26",0.70867,{"date":376,"score":61,"percentile":346},"2026-01-27",{"date":378,"score":61,"percentile":379},"2026-01-28",0.70885,{"date":381,"score":61,"percentile":382},"2026-01-29",0.70884,{"date":384,"score":61,"percentile":385},"2026-01-30",0.70892,{"date":387,"score":61,"percentile":388},"2026-01-31",0.70895,{"date":390,"score":209,"percentile":391},"2026-02-01",0.5427,[393],{"source":65,"cvss_v2_0":394,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":63,"baseSeverity":9,"vectorString":66,"impactScore":395,"exploitabilityScore":396},6.4,8.6,[398],{"ecosystem":9,"name":399,"vendor":9,"product":399,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":400},"PHP",[401,404,406,408],{"version":402,"is_range":36,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.3.0","cpe",{"version":405,"is_range":36,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.3.1",{"version":407,"is_range":36,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.3.2",{"version":409,"is_range":36,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.3.3"]