[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-8926":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":51,"downstream":52,"duplicates":57,"related":58,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":72,"kevs":84,"epss":85,"epss_history":88,"metrics":346,"affected":357},"CVE-2024-8926","In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PHP_PHP-SRC","Php Src","github","https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846","poc",0.3,false,[],[],[],[53,55],{"_key":54},"DSA-5780-1",{"_key":56},"DEBIAN-CVE-2024-8926",[],[59],{"_key":60},"UBUNTU-CVE-2024-8926","2024-10-08T03:48:53.628Z","2025-11-03T22:33:06.473Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":63},"low",0.02711,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[73,80],{"url":74,"sources":75,"tags":77},"https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq",[76,70],"cve.org",[78,79],"Exploit","Vendor Advisory",{"url":81,"sources":82,"tags":83},"https://security.netapp.com/advisory/ntap-20241101-0003/",[76,70],[],[],{"date":86,"score":66,"percentile":87},"2026-06-04",0.86187,[89,93,96,99,102,106,109,112,115,118,121,123,125,128,130,134,137,140,143,146,149,151,154,156,159,162,165,168,171,174,177,180,183,185,187,189,192,195,198,201,204,207,209,212,215,218,221,224,227,230,233,235,238,241,245,248,250,253,256,259,262,265,268,271,273,275,278,281,284,287,289,291,294,296,300,303,306,309,312,315,318,321,324,327,330,333,335,337,339,342],{"date":90,"score":91,"percentile":92},"2025-11-04",0.02391,0.84475,{"date":94,"score":91,"percentile":95},"2025-11-05",0.84479,{"date":97,"score":91,"percentile":98},"2025-11-06",0.84483,{"date":100,"score":91,"percentile":101},"2025-11-07",0.84489,{"date":103,"score":104,"percentile":105},"2025-11-08",0.02149,0.83682,{"date":107,"score":104,"percentile":108},"2025-11-09",0.83677,{"date":110,"score":104,"percentile":111},"2025-11-10",0.83671,{"date":113,"score":104,"percentile":114},"2025-11-11",0.83675,{"date":116,"score":104,"percentile":117},"2025-11-12",0.83688,{"date":119,"score":104,"percentile":120},"2025-11-13",0.83695,{"date":122,"score":104,"percentile":120},"2025-11-14",{"date":124,"score":104,"percentile":117},"2025-11-15",{"date":126,"score":104,"percentile":127},"2025-11-16",0.8369,{"date":129,"score":104,"percentile":117},"2025-11-17",{"date":131,"score":132,"percentile":133},"2025-11-18",0.12488,0.93259,{"date":135,"score":132,"percentile":136},"2025-11-19",0.93264,{"date":138,"score":132,"percentile":139},"2025-11-20",0.93269,{"date":141,"score":104,"percentile":142},"2025-11-21",0.83697,{"date":144,"score":104,"percentile":145},"2025-11-22",0.83694,{"date":147,"score":104,"percentile":148},"2025-11-23",0.83687,{"date":150,"score":104,"percentile":148},"2025-11-24",{"date":152,"score":104,"percentile":153},"2025-11-25",0.83684,{"date":155,"score":104,"percentile":153},"2025-11-26",{"date":157,"score":104,"percentile":158},"2025-11-27",0.83683,{"date":160,"score":104,"percentile":161},"2025-11-28",0.83672,{"date":163,"score":104,"percentile":164},"2025-11-29",0.83686,{"date":166,"score":104,"percentile":167},"2025-11-30",0.83689,{"date":169,"score":104,"percentile":170},"2025-12-01",0.83761,{"date":172,"score":104,"percentile":173},"2025-12-02",0.83764,{"date":175,"score":104,"percentile":176},"2025-12-03",0.83765,{"date":178,"score":104,"percentile":179},"2025-12-04",0.83693,{"date":181,"score":104,"percentile":182},"2025-12-05",0.83698,{"date":184,"score":104,"percentile":120},"2025-12-06",{"date":186,"score":104,"percentile":148},"2025-12-07",{"date":188,"score":104,"percentile":167},"2025-12-08",{"date":190,"score":104,"percentile":191},"2025-12-09",0.83702,{"date":193,"score":104,"percentile":194},"2025-12-10",0.83722,{"date":196,"score":104,"percentile":197},"2025-12-11",0.83736,{"date":199,"score":104,"percentile":200},"2025-12-12",0.83745,{"date":202,"score":104,"percentile":203},"2025-12-13",0.83739,{"date":205,"score":104,"percentile":206},"2025-12-14",0.83738,{"date":208,"score":104,"percentile":206},"2025-12-15",{"date":210,"score":104,"percentile":211},"2025-12-16",0.83746,{"date":213,"score":104,"percentile":214},"2025-12-17",0.83753,{"date":216,"score":104,"percentile":217},"2025-12-18",0.83759,{"date":219,"score":104,"percentile":220},"2025-12-19",0.83763,{"date":222,"score":104,"percentile":223},"2025-12-20",0.83758,{"date":225,"score":104,"percentile":226},"2025-12-21",0.83756,{"date":228,"score":104,"percentile":229},"2025-12-22",0.83752,{"date":231,"score":104,"percentile":232},"2025-12-23",0.83755,{"date":234,"score":104,"percentile":176},"2025-12-24",{"date":236,"score":104,"percentile":237},"2025-12-25",0.8378,{"date":239,"score":104,"percentile":240},"2025-12-26",0.83781,{"date":242,"score":243,"percentile":244},"2025-12-27",0.02438,0.84801,{"date":246,"score":104,"percentile":247},"2025-12-28",0.83766,{"date":249,"score":104,"percentile":220},"2025-12-29",{"date":251,"score":104,"percentile":252},"2025-12-30",0.83769,{"date":254,"score":104,"percentile":255},"2025-12-31",0.83782,{"date":257,"score":104,"percentile":258},"2026-01-01",0.83853,{"date":260,"score":104,"percentile":261},"2026-01-02",0.83851,{"date":263,"score":104,"percentile":264},"2026-01-03",0.83844,{"date":266,"score":104,"percentile":267},"2026-01-04",0.83768,{"date":269,"score":104,"percentile":270},"2026-01-05",0.83762,{"date":272,"score":104,"percentile":267},"2026-01-06",{"date":274,"score":104,"percentile":267},"2026-01-07",{"date":276,"score":104,"percentile":277},"2026-01-08",0.83776,{"date":279,"score":104,"percentile":280},"2026-01-09",0.83778,{"date":282,"score":104,"percentile":283},"2026-01-10",0.83775,{"date":285,"score":104,"percentile":286},"2026-01-11",0.83774,{"date":288,"score":104,"percentile":267},"2026-01-12",{"date":290,"score":104,"percentile":176},"2026-01-13",{"date":292,"score":104,"percentile":293},"2026-01-14",0.83785,{"date":295,"score":104,"percentile":293},"2026-01-15",{"date":297,"score":298,"percentile":299},"2026-01-16",0.01658,0.81625,{"date":301,"score":298,"percentile":302},"2026-01-17",0.81629,{"date":304,"score":298,"percentile":305},"2026-01-18",0.81622,{"date":307,"score":298,"percentile":308},"2026-01-19",0.81617,{"date":310,"score":298,"percentile":311},"2026-01-20",0.81621,{"date":313,"score":298,"percentile":314},"2026-01-21",0.81628,{"date":316,"score":298,"percentile":317},"2026-01-22",0.81636,{"date":319,"score":298,"percentile":320},"2026-01-23",0.8166,{"date":322,"score":298,"percentile":323},"2026-01-24",0.81668,{"date":325,"score":298,"percentile":326},"2026-01-25",0.81661,{"date":328,"score":298,"percentile":329},"2026-01-26",0.81659,{"date":331,"score":298,"percentile":332},"2026-01-27",0.81658,{"date":334,"score":298,"percentile":332},"2026-01-28",{"date":336,"score":298,"percentile":332},"2026-01-29",{"date":338,"score":298,"percentile":332},"2026-01-30",{"date":340,"score":298,"percentile":341},"2026-01-31",0.81663,{"date":343,"score":344,"percentile":345},"2026-02-01",0.02236,0.84233,[347,354],{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":348,"cvss_v4_0":9},{"baseScore":349,"baseSeverity":350,"vectorString":351,"impactScore":352,"exploitabilityScore":353},8.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",9.8,5.6,{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":355,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":350,"vectorString":71,"impactScore":352,"exploitabilityScore":356},7.2,[358,376],{"ecosystem":9,"name":359,"vendor":9,"product":359,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":360},"PHP",[361,368,372],{"version":362,"is_range":363,"range_type":76,"version_start":364,"version_start_type":365,"version_end":366,"version_end_type":367,"fixed_in":9},">= 8.1.*, \u003C 8.1.30",true,"8.1.*","including","8.1.30","excluding",{"version":369,"is_range":363,"range_type":76,"version_start":370,"version_start_type":365,"version_end":371,"version_end_type":367,"fixed_in":9},">= 8.2.*, \u003C 8.2.24","8.2.*","8.2.24",{"version":373,"is_range":363,"range_type":76,"version_start":374,"version_start_type":365,"version_end":375,"version_end_type":367,"fixed_in":9},">= 8.3.*, \u003C 8.3.12","8.3.*","8.3.12",{"ecosystem":9,"name":359,"vendor":9,"product":359,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":377},[378,382,385],{"version":379,"is_range":363,"range_type":380,"version_start":381,"version_start_type":365,"version_end":366,"version_end_type":367,"fixed_in":9},"gte8.1.0_lt8.1.30","cpe","8.1.0",{"version":383,"is_range":363,"range_type":380,"version_start":384,"version_start_type":365,"version_end":371,"version_end_type":367,"fixed_in":9},"gte8.2.0_lt8.2.24","8.2.0",{"version":386,"is_range":363,"range_type":380,"version_start":387,"version_start_type":365,"version_end":375,"version_end_type":367,"fixed_in":9},"gte8.3.0_lt8.3.12","8.3.0"]