[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-8866":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":50,"related":51,"reserved_at":9,"published_at":56,"modified_at":57,"state":58,"summary":59,"references_raw":67,"kevs":130,"epss":131,"epss_history":134,"metrics":389,"affected":400},"CVE-2015-8866","ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-611","Improper Restriction of XML External Entity Reference","The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-221","Data Serialization External Entities Blowup",[],[24],{"_key":25,"name":26,"source":27,"url":28,"maturity":29,"reliability_score":30,"verified":31,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_6328137622133010","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/bug.php?id=64938","unknown",0.2,false,[],[],[],[36,38,40,42,44,46,48],{"_key":37},"SUSE-SU-2016:1581-1",{"_key":39},"SUSE-SU-2016:1277-1",{"_key":41},"SUSE-SU-2016:1310-1",{"_key":43},"SUSE-SU-2016:1638-1",{"_key":45},"DLA-499-1",{"_key":47},"UBUNTU-CVE-2015-8866",{"_key":49},"RHSA-2016:2750",[],[52,53,54,55],{"_key":37},{"_key":39},{"_key":41},{"_key":43},"2016-05-22T01:00:00.000Z","2024-08-06T08:29:22.085Z","Modified",{"cisa_kev":31,"cisa_ransomware":31,"cisa_vendor":9,"epss_severity":60,"epss_score":61,"severity":62,"severity_score":63,"severity_version":64,"severity_source":65,"severity_vector":66,"severity_status":58},"low",0.03531,"critical",9.6,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",[68,76,81,87,92,96,101,105,111,117,121,126],{"url":69,"sources":70,"tags":72},"http://www.ubuntu.com/usn/USN-2952-1",[71,65],"cve.org",[73,74,75],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":77,"sources":78,"tags":79},"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9",[71,65],[80],"X Refsource CONFIRM",{"url":82,"sources":83,"tags":84},"https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817",[71,65],[80,85,86,75],"Issue Tracking","Patch",{"url":88,"sources":89,"tags":90},"http://rhn.redhat.com/errata/RHSA-2016-2750.html",[71,65],[73,91,75],"X Refsource REDHAT",{"url":93,"sources":94,"tags":95},"http://www.ubuntu.com/usn/USN-2952-2",[71,65],[73,74,75],{"url":97,"sources":98,"tags":99},"http://www.php.net/ChangeLog-5.php",[71,65],[80,100,73],"Release Notes",{"url":28,"sources":102,"tags":103},[71,65],[80,104,85,86,73],"Exploit",{"url":106,"sources":107,"tags":108},"http://www.securityfocus.com/bid/87470",[71,65],[109,110,75],"VDB Entry","X Refsource BID",{"url":112,"sources":113,"tags":114},"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html",[71,65],[73,115,116,75],"X Refsource SUSE","Mailing List",{"url":118,"sources":119,"tags":120},"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html",[71,65],[73,115,116,75],{"url":122,"sources":123,"tags":124},"http://www.openwall.com/lists/oss-security/2016/04/24/1",[71,65],[116,125,86,75],"X Refsource MLIST",{"url":127,"sources":128,"tags":129},"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html",[71,65],[73,115,116,75],[],{"date":132,"score":61,"percentile":133},"2026-06-04",0.87871,[135,139,142,145,148,151,154,157,160,163,166,169,172,174,177,180,183,186,189,192,194,197,199,201,203,206,209,212,215,218,221,224,227,230,233,235,238,241,244,247,250,252,255,257,260,263,266,268,271,273,276,279,282,285,289,292,295,298,301,304,307,309,312,315,318,321,324,326,329,331,334,337,340,342,345,347,349,351,354,357,360,363,366,369,371,374,377,380,383,386],{"date":136,"score":137,"percentile":138},"2025-11-04",0.03049,0.86167,{"date":140,"score":137,"percentile":141},"2025-11-05",0.8617,{"date":143,"score":137,"percentile":144},"2025-11-06",0.86169,{"date":146,"score":137,"percentile":147},"2025-11-07",0.86178,{"date":149,"score":137,"percentile":150},"2025-11-08",0.8618,{"date":152,"score":137,"percentile":153},"2025-11-09",0.86175,{"date":155,"score":137,"percentile":156},"2025-11-10",0.86177,{"date":158,"score":137,"percentile":159},"2025-11-11",0.86181,{"date":161,"score":137,"percentile":162},"2025-11-12",0.86192,{"date":164,"score":137,"percentile":165},"2025-11-13",0.86198,{"date":167,"score":137,"percentile":168},"2025-11-14",0.86201,{"date":170,"score":137,"percentile":171},"2025-11-15",0.86194,{"date":173,"score":137,"percentile":162},"2025-11-16",{"date":175,"score":137,"percentile":176},"2025-11-17",0.86176,{"date":178,"score":137,"percentile":179},"2025-11-18",0.85439,{"date":181,"score":137,"percentile":182},"2025-11-19",0.85441,{"date":184,"score":137,"percentile":185},"2025-11-20",0.85442,{"date":187,"score":137,"percentile":188},"2025-11-21",0.8619,{"date":190,"score":137,"percentile":191},"2025-11-22",0.86185,{"date":193,"score":137,"percentile":159},"2025-11-23",{"date":195,"score":137,"percentile":196},"2025-11-24",0.86183,{"date":198,"score":137,"percentile":196},"2025-11-25",{"date":200,"score":137,"percentile":196},"2025-11-26",{"date":202,"score":137,"percentile":196},"2025-11-27",{"date":204,"score":137,"percentile":205},"2025-11-28",0.86166,{"date":207,"score":137,"percentile":208},"2025-11-29",0.86237,{"date":210,"score":137,"percentile":211},"2025-11-30",0.86236,{"date":213,"score":137,"percentile":214},"2025-12-01",0.86291,{"date":216,"score":137,"percentile":217},"2025-12-02",0.86293,{"date":219,"score":137,"percentile":220},"2025-12-03",0.86292,{"date":222,"score":137,"percentile":223},"2025-12-04",0.8623,{"date":225,"score":137,"percentile":226},"2025-12-05",0.86231,{"date":228,"score":137,"percentile":229},"2025-12-06",0.86228,{"date":231,"score":137,"percentile":232},"2025-12-07",0.86214,{"date":234,"score":137,"percentile":232},"2025-12-08",{"date":236,"score":137,"percentile":237},"2025-12-09",0.8622,{"date":239,"score":137,"percentile":240},"2025-12-10",0.86239,{"date":242,"score":137,"percentile":243},"2025-12-11",0.86245,{"date":245,"score":137,"percentile":246},"2025-12-12",0.86248,{"date":248,"score":137,"percentile":249},"2025-12-13",0.86243,{"date":251,"score":137,"percentile":240},"2025-12-14",{"date":253,"score":137,"percentile":254},"2025-12-15",0.86235,{"date":256,"score":137,"percentile":249},"2025-12-16",{"date":258,"score":137,"percentile":259},"2025-12-17",0.86247,{"date":261,"score":137,"percentile":262},"2025-12-18",0.86254,{"date":264,"score":137,"percentile":265},"2025-12-19",0.86256,{"date":267,"score":137,"percentile":262},"2025-12-20",{"date":269,"score":137,"percentile":270},"2025-12-21",0.86255,{"date":272,"score":137,"percentile":259},"2025-12-22",{"date":274,"score":137,"percentile":275},"2025-12-23",0.86251,{"date":277,"score":137,"percentile":278},"2025-12-24",0.86257,{"date":280,"score":137,"percentile":281},"2025-12-25",0.86268,{"date":283,"score":137,"percentile":284},"2025-12-26",0.86272,{"date":286,"score":287,"percentile":288},"2025-12-27",0.01976,0.83165,{"date":290,"score":137,"percentile":291},"2025-12-28",0.86265,{"date":293,"score":137,"percentile":294},"2025-12-29",0.86258,{"date":296,"score":137,"percentile":297},"2025-12-30",0.86266,{"date":299,"score":137,"percentile":300},"2025-12-31",0.86275,{"date":302,"score":137,"percentile":303},"2026-01-01",0.86334,{"date":305,"score":137,"percentile":306},"2026-01-02",0.86337,{"date":308,"score":137,"percentile":306},"2026-01-03",{"date":310,"score":137,"percentile":311},"2026-01-04",0.86278,{"date":313,"score":137,"percentile":314},"2026-01-05",0.86273,{"date":316,"score":137,"percentile":317},"2026-01-06",0.86276,{"date":319,"score":137,"percentile":320},"2026-01-07",0.86277,{"date":322,"score":137,"percentile":323},"2026-01-08",0.86287,{"date":325,"score":137,"percentile":323},"2026-01-09",{"date":327,"score":137,"percentile":328},"2026-01-10",0.86283,{"date":330,"score":137,"percentile":320},"2026-01-11",{"date":332,"score":137,"percentile":333},"2026-01-12",0.86274,{"date":335,"score":137,"percentile":336},"2026-01-13",0.8627,{"date":338,"score":137,"percentile":339},"2026-01-14",0.86284,{"date":341,"score":137,"percentile":328},"2026-01-15",{"date":343,"score":137,"percentile":344},"2026-01-16",0.86288,{"date":346,"score":137,"percentile":220},"2026-01-17",{"date":348,"score":137,"percentile":217},"2026-01-18",{"date":350,"score":137,"percentile":323},"2026-01-19",{"date":352,"score":137,"percentile":353},"2026-01-20",0.86282,{"date":355,"score":61,"percentile":356},"2026-01-21",0.8731,{"date":358,"score":61,"percentile":359},"2026-01-22",0.87313,{"date":361,"score":61,"percentile":362},"2026-01-23",0.87325,{"date":364,"score":61,"percentile":365},"2026-01-24",0.87333,{"date":367,"score":61,"percentile":368},"2026-01-25",0.8733,{"date":370,"score":61,"percentile":368},"2026-01-26",{"date":372,"score":61,"percentile":373},"2026-01-27",0.87331,{"date":375,"score":61,"percentile":376},"2026-01-28",0.87334,{"date":378,"score":61,"percentile":379},"2026-01-29",0.87337,{"date":381,"score":61,"percentile":382},"2026-01-30",0.8734,{"date":384,"score":61,"percentile":385},"2026-01-31",0.87339,{"date":387,"score":61,"percentile":388},"2026-02-01",0.87407,[390],{"source":65,"cvss_v2_0":391,"cvss_v3_0":9,"cvss_v3_1":396,"cvss_v4_0":9},{"baseScore":392,"baseSeverity":9,"vectorString":393,"impactScore":394,"exploitabilityScore":395},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":63,"baseSeverity":397,"vectorString":66,"impactScore":398,"exploitabilityScore":399},"CRITICAL",10,7.2,[401,414,420,424,450,457],{"ecosystem":9,"name":402,"vendor":403,"product":404,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":406},"ubuntu linux","canonical","ubuntu_linux","o",[407,410,412],{"version":408,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":411,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":413,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.10",{"ecosystem":9,"name":415,"vendor":416,"product":415,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":417},"leap","opensuse",[418],{"version":419,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.1",{"ecosystem":9,"name":416,"vendor":416,"product":416,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":421},[422],{"version":423,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.2",{"ecosystem":9,"name":425,"vendor":9,"product":425,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"PHP",[427,434,438,442,446],{"version":428,"is_range":429,"range_type":409,"version_start":430,"version_start_type":431,"version_end":432,"version_end_type":433,"fixed_in":9},"gte5.5.0_lt5.5.22",true,"5.5.0","including","5.5.22","excluding",{"version":435,"is_range":429,"range_type":409,"version_start":436,"version_start_type":431,"version_end":437,"version_end_type":433,"fixed_in":9},"gte5.6.0_lt5.6.6","5.6.0","5.6.6",{"version":439,"is_range":429,"range_type":409,"version_start":440,"version_start_type":431,"version_end":441,"version_end_type":433,"fixed_in":9},"gte7.0.0_lt7.0.27","7.0.0","7.0.27",{"version":443,"is_range":429,"range_type":409,"version_start":444,"version_start_type":431,"version_end":445,"version_end_type":433,"fixed_in":9},"gte7.1.0_lt7.1.13","7.1.0","7.1.13",{"version":447,"is_range":429,"range_type":409,"version_start":448,"version_start_type":431,"version_end":449,"version_end_type":433,"fixed_in":9},"gte7.2.0_lt7.2.1","7.2.0","7.2.1",{"ecosystem":9,"name":451,"vendor":452,"product":453,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"linux enterprise module for web scripting","suse","linux_enterprise_module_for_web_scripting",[455],{"version":456,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12",{"ecosystem":9,"name":458,"vendor":452,"product":459,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"linux enterprise software development kit","linux_enterprise_software_development_kit",[461,462],{"version":456,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":463,"is_range":31,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12:sp1"]