[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-9026":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":227,"aliases":237,"duplicate_of":9,"upstream":238,"downstream":239,"duplicates":272,"related":273,"reserved_at":9,"published_at":284,"modified_at":285,"state":286,"summary":287,"references_raw":294,"kevs":310,"epss":311,"epss_history":314,"metrics":585,"affected":593},"CVE-2024-9026","In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.",null,[11,205,220],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-117","Improper Output Neutralization for Logs","The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.","weakness","Draft","Base","Medium",[20,197,201],{"id":21,"name":22,"techniques":23},"CAPEC-268","Audit Log Manipulation",[24,105,129,186],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1070","Indicator Removal",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0005","Stealth",[35,40,44,48,52,56,61,66,70,75,80,85,89,93,97,101],{"id":36,"name":37,"tactic":38},"D3-AEM","Application Exception Monitoring",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-OPM","Operational Process Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-SFA","System File Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-FA","File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":57,"name":58,"tactic":59},"D3-FEV","File Eviction",{"name":60},"Evict",{"id":62,"name":63,"tactic":64},"D3-DNR","Decoy Network Resource",{"name":65},"Deceive",{"id":67,"name":68,"tactic":69},"D3-DF","Decoy File",{"name":65},{"id":71,"name":72,"tactic":73},"D3-FE","File Encryption",{"name":74},"Harden",{"id":76,"name":77,"tactic":78},"D3-RF","Restore File",{"name":79},"Restore",{"id":81,"name":82,"tactic":83},"D3-NRAM","Network Resource Access Mediation",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-CF","Content Filtering",{"name":84},{"id":90,"name":91,"tactic":92},"D3-LFP","Local File Permissions",{"name":84},{"id":94,"name":95,"tactic":96},"D3-RFAM","Remote File Access Mediation",{"name":84},{"id":98,"name":99,"tactic":100},"D3-CQ","Content Quarantine",{"name":84},{"id":102,"name":103,"tactic":104},"D3-CM","Content Modification",{"name":84},{"id":106,"name":107,"tactics":108,"countermeasures":111},"T1562.002","Disable Windows Event Logging",[109,110],{"id":29,"name":30},{"id":32,"name":33},[112,117,121,125],{"id":113,"name":114,"tactic":115},"D3-CI","Configuration Inventory",{"name":116},"Model",{"id":118,"name":119,"tactic":120},"D3-DRA","Disable Remote Access",{"name":74},{"id":122,"name":123,"tactic":124},"D3-ACH","Application Configuration Hardening",{"name":74},{"id":126,"name":127,"tactic":128},"D3-RC","Restore Configuration",{"name":79},{"id":130,"name":131,"tactics":132,"countermeasures":135},"T1562.003","Impair Command History Logging",[133,134],{"id":29,"name":30},{"id":32,"name":33},[136,138,140,142,146,150,152,156,158,160,162,164,166,168,170,172,174,176,178,182],{"id":113,"name":114,"tactic":137},{"name":116},{"id":49,"name":50,"tactic":139},{"name":39},{"id":53,"name":54,"tactic":141},{"name":39},{"id":143,"name":144,"tactic":145},"D3-DA","Dynamic Analysis",{"name":39},{"id":147,"name":148,"tactic":149},"D3-EFA","Emulated File Analysis",{"name":39},{"id":57,"name":58,"tactic":151},{"name":60},{"id":153,"name":154,"tactic":155},"D3-RKD","Registry Key Deletion",{"name":60},{"id":67,"name":68,"tactic":157},{"name":65},{"id":118,"name":119,"tactic":159},{"name":74},{"id":122,"name":123,"tactic":161},{"name":74},{"id":71,"name":72,"tactic":163},{"name":74},{"id":126,"name":127,"tactic":165},{"name":79},{"id":76,"name":77,"tactic":167},{"name":79},{"id":98,"name":99,"tactic":169},{"name":84},{"id":86,"name":87,"tactic":171},{"name":84},{"id":90,"name":91,"tactic":173},{"name":84},{"id":94,"name":95,"tactic":175},{"name":84},{"id":102,"name":103,"tactic":177},{"name":84},{"id":179,"name":180,"tactic":181},"D3-EAL","Executable Allowlisting",{"name":84},{"id":183,"name":184,"tactic":185},"D3-EDL","Executable Denylisting",{"name":84},{"id":187,"name":188,"tactics":189,"countermeasures":192},"T1562.008","Disable or Modify Cloud Logs",[190,191],{"id":29,"name":30},{"id":32,"name":33},[193,195],{"id":113,"name":114,"tactic":194},{"name":116},{"id":126,"name":127,"tactic":196},{"name":79},{"id":198,"name":199,"techniques":200},"CAPEC-81","Web Server Logs Tampering",[],{"id":202,"name":203,"techniques":204},"CAPEC-93","Log Injection-Tampering-Forging",[],{"_key":206,"id":206,"name":207,"description":208,"type":15,"status":209,"abstraction":210,"likelihood_of_exploit":9,"capec":211},"CWE-158","Improper Neutralization of Null Byte or NUL Character","The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.","Incomplete","Variant",[212,216],{"id":213,"name":214,"techniques":215},"CAPEC-52","Embedding NULL Bytes",[],{"id":217,"name":218,"techniques":219},"CAPEC-53","Postfix, Null Terminate, and Backslash",[],{"_key":221,"id":221,"name":222,"description":223,"type":224,"status":225,"abstraction":9,"likelihood_of_exploit":9,"capec":226},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[228],{"_key":229,"name":230,"source":231,"url":232,"maturity":233,"reliability_score":234,"verified":235,"type":9,"platforms":236,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PHP_PHP-SRC","Php Src","github","https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846","poc",0.3,false,[],[],[],[240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270],{"_key":241},"SUSE-SU-2024:3732-1",{"_key":243},"SUSE-SU-2024:3664-1",{"_key":245},"SUSE-SU-2024:3729-1",{"_key":247},"SUSE-SU-2024:3733-1",{"_key":249},"OPENSUSE-SU-2024:14376-1",{"_key":251},"DLA-3920-1",{"_key":253},"DSA-5780-1",{"_key":255},"RHSA-2024:10949",{"_key":257},"RHSA-2024:10950",{"_key":259},"RHSA-2024:10951",{"_key":261},"RHSA-2024:10952",{"_key":263},"RHSA-2025:7315",{"_key":265},"MGASA-2024-0328",{"_key":267},"USN-7049-1",{"_key":269},"UBUNTU-CVE-2024-9026",{"_key":271},"DEBIAN-CVE-2024-9026",[],[274,275,276,277,278,279,280,282],{"_key":241},{"_key":243},{"_key":245},{"_key":247},{"_key":249},{"_key":265},{"_key":281},"CGA-8H2H-CVQG-M4JQ",{"_key":283},"CGA-47XV-RQP6-HGCM","2024-10-08T04:07:33.452Z","2025-11-03T22:33:15.254Z","Modified",{"cisa_kev":235,"cisa_ransomware":235,"cisa_vendor":9,"epss_severity":288,"epss_score":289,"severity":288,"severity_score":290,"severity_version":291,"severity_source":292,"severity_vector":293,"severity_status":286},"low",0.00667,3.3,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",[295,302,306],{"url":296,"sources":297,"tags":299},"https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5",[292,298],"nvd",[300,301],"Exploit","Vendor Advisory",{"url":303,"sources":304,"tags":305},"https://security.netapp.com/advisory/ntap-20241101-0003/",[292,298],[],{"url":307,"sources":308,"tags":309},"https://lists.debian.org/debian-lts-announce/2024/10/msg00011.html",[292,298],[],[],{"date":312,"score":289,"percentile":313},"2026-06-04",0.71655,[315,319,322,325,328,331,334,337,340,343,346,349,351,354,357,361,364,367,371,374,377,380,383,386,388,390,393,396,399,403,406,409,412,415,418,421,424,427,430,433,436,438,440,443,446,449,452,455,458,461,464,466,469,471,475,478,481,484,487,490,493,497,500,504,507,510,513,516,520,523,526,529,532,535,538,541,544,547,550,553,555,558,561,564,567,570,572,576,579,582],{"date":316,"score":317,"percentile":318},"2025-11-04",0.00736,0.72021,{"date":320,"score":317,"percentile":321},"2025-11-05",0.72005,{"date":323,"score":317,"percentile":324},"2025-11-06",0.72002,{"date":326,"score":317,"percentile":327},"2025-11-07",0.72017,{"date":329,"score":317,"percentile":330},"2025-11-08",0.72015,{"date":332,"score":317,"percentile":333},"2025-11-09",0.72008,{"date":335,"score":317,"percentile":336},"2025-11-10",0.71997,{"date":338,"score":317,"percentile":339},"2025-11-11",0.72003,{"date":341,"score":317,"percentile":342},"2025-11-12",0.7202,{"date":344,"score":317,"percentile":345},"2025-11-13",0.72028,{"date":347,"score":317,"percentile":348},"2025-11-14",0.72035,{"date":350,"score":317,"percentile":348},"2025-11-15",{"date":352,"score":317,"percentile":353},"2025-11-16",0.72032,{"date":355,"score":317,"percentile":356},"2025-11-17",0.72024,{"date":358,"score":359,"percentile":360},"2025-11-18",0.00107,0.24551,{"date":362,"score":359,"percentile":363},"2025-11-19",0.24577,{"date":365,"score":359,"percentile":366},"2025-11-20",0.2459,{"date":368,"score":369,"percentile":370},"2025-11-21",0.00755,0.72455,{"date":372,"score":369,"percentile":373},"2025-11-22",0.72448,{"date":375,"score":369,"percentile":376},"2025-11-23",0.72431,{"date":378,"score":317,"percentile":379},"2025-11-24",0.72016,{"date":381,"score":317,"percentile":382},"2025-11-25",0.72019,{"date":384,"score":317,"percentile":385},"2025-11-26",0.72025,{"date":387,"score":317,"percentile":385},"2025-11-27",{"date":389,"score":317,"percentile":330},"2025-11-28",{"date":391,"score":317,"percentile":392},"2025-11-29",0.72006,{"date":394,"score":317,"percentile":395},"2025-11-30",0.72001,{"date":397,"score":317,"percentile":398},"2025-12-01",0.72127,{"date":400,"score":401,"percentile":402},"2025-12-02",0.0077,0.72849,{"date":404,"score":401,"percentile":405},"2025-12-03",0.72846,{"date":407,"score":401,"percentile":408},"2025-12-04",0.72716,{"date":410,"score":401,"percentile":411},"2025-12-05",0.72725,{"date":413,"score":401,"percentile":414},"2025-12-06",0.72724,{"date":416,"score":401,"percentile":417},"2025-12-07",0.72728,{"date":419,"score":401,"percentile":420},"2025-12-08",0.7273,{"date":422,"score":401,"percentile":423},"2025-12-09",0.72761,{"date":425,"score":401,"percentile":426},"2025-12-10",0.72793,{"date":428,"score":401,"percentile":429},"2025-12-11",0.72812,{"date":431,"score":401,"percentile":432},"2025-12-12",0.72834,{"date":434,"score":401,"percentile":435},"2025-12-13",0.72848,{"date":437,"score":401,"percentile":405},"2025-12-14",{"date":439,"score":401,"percentile":402},"2025-12-15",{"date":441,"score":401,"percentile":442},"2025-12-16",0.72865,{"date":444,"score":401,"percentile":445},"2025-12-17",0.72879,{"date":447,"score":401,"percentile":448},"2025-12-18",0.72902,{"date":450,"score":401,"percentile":451},"2025-12-19",0.72933,{"date":453,"score":401,"percentile":454},"2025-12-20",0.72932,{"date":456,"score":401,"percentile":457},"2025-12-21",0.72926,{"date":459,"score":401,"percentile":460},"2025-12-22",0.72925,{"date":462,"score":401,"percentile":463},"2025-12-23",0.72915,{"date":465,"score":401,"percentile":457},"2025-12-24",{"date":467,"score":401,"percentile":468},"2025-12-25",0.72954,{"date":470,"score":401,"percentile":468},"2025-12-26",{"date":472,"score":473,"percentile":474},"2025-12-27",0.01009,0.76602,{"date":476,"score":401,"percentile":477},"2025-12-28",0.72929,{"date":479,"score":401,"percentile":480},"2025-12-29",0.72924,{"date":482,"score":401,"percentile":483},"2025-12-30",0.72938,{"date":485,"score":401,"percentile":486},"2025-12-31",0.72967,{"date":488,"score":401,"percentile":489},"2026-01-01",0.73113,{"date":491,"score":401,"percentile":492},"2026-01-02",0.73112,{"date":494,"score":495,"percentile":496},"2026-01-03",0.00854,0.74551,{"date":498,"score":495,"percentile":499},"2026-01-04",0.74419,{"date":501,"score":502,"percentile":503},"2026-01-05",0.00994,0.76391,{"date":505,"score":401,"percentile":506},"2026-01-06",0.72978,{"date":508,"score":401,"percentile":509},"2026-01-07",0.7299,{"date":511,"score":401,"percentile":512},"2026-01-08",0.73003,{"date":514,"score":401,"percentile":515},"2026-01-09",0.73007,{"date":517,"score":518,"percentile":519},"2026-01-10",0.0079,0.73369,{"date":521,"score":518,"percentile":522},"2026-01-11",0.73359,{"date":524,"score":518,"percentile":525},"2026-01-12",0.73348,{"date":527,"score":518,"percentile":528},"2026-01-13",0.73346,{"date":530,"score":518,"percentile":531},"2026-01-14",0.73371,{"date":533,"score":518,"percentile":534},"2026-01-15",0.7338,{"date":536,"score":518,"percentile":537},"2026-01-16",0.73396,{"date":539,"score":518,"percentile":540},"2026-01-17",0.73393,{"date":542,"score":518,"percentile":543},"2026-01-18",0.73368,{"date":545,"score":518,"percentile":546},"2026-01-19",0.73354,{"date":548,"score":518,"percentile":549},"2026-01-20",0.73357,{"date":551,"score":518,"percentile":552},"2026-01-21",0.73362,{"date":554,"score":518,"percentile":519},"2026-01-22",{"date":556,"score":518,"percentile":557},"2026-01-23",0.73398,{"date":559,"score":401,"percentile":560},"2026-01-24",0.7305,{"date":562,"score":401,"percentile":563},"2026-01-25",0.73035,{"date":565,"score":401,"percentile":566},"2026-01-26",0.73032,{"date":568,"score":401,"percentile":569},"2026-01-27",0.73036,{"date":571,"score":401,"percentile":560},"2026-01-28",{"date":573,"score":574,"percentile":575},"2026-01-29",0.00661,0.7064,{"date":577,"score":574,"percentile":578},"2026-01-30",0.70649,{"date":580,"score":574,"percentile":581},"2026-01-31",0.70654,{"date":583,"score":574,"percentile":584},"2026-02-01",0.70786,[586,591],{"source":292,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":587,"cvss_v4_0":9},{"baseScore":290,"baseSeverity":588,"vectorString":293,"impactScore":589,"exploitabilityScore":590},"LOW",2.3,4.6,{"source":298,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":592,"cvss_v4_0":9},{"baseScore":290,"baseSeverity":588,"vectorString":293,"impactScore":589,"exploitabilityScore":590},[594,612],{"ecosystem":9,"name":595,"vendor":9,"product":595,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":596},"PHP",[597,604,608],{"version":598,"is_range":599,"range_type":292,"version_start":600,"version_start_type":601,"version_end":602,"version_end_type":603,"fixed_in":9},">= 8.1.*, \u003C 8.1.30",true,"8.1.*","including","8.1.30","excluding",{"version":605,"is_range":599,"range_type":292,"version_start":606,"version_start_type":601,"version_end":607,"version_end_type":603,"fixed_in":9},">= 8.2.*, \u003C 8.2.24","8.2.*","8.2.24",{"version":609,"is_range":599,"range_type":292,"version_start":610,"version_start_type":601,"version_end":611,"version_end_type":603,"fixed_in":9},">= 8.3.*, \u003C 8.3.12","8.3.*","8.3.12",{"ecosystem":9,"name":595,"vendor":9,"product":595,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":613},[614,618,621],{"version":615,"is_range":599,"range_type":616,"version_start":617,"version_start_type":601,"version_end":602,"version_end_type":603,"fixed_in":9},"gte8.1.0_lt8.1.30","cpe","8.1.0",{"version":619,"is_range":599,"range_type":616,"version_start":620,"version_start_type":601,"version_end":607,"version_end_type":603,"fixed_in":9},"gte8.2.0_lt8.2.24","8.2.0",{"version":622,"is_range":599,"range_type":616,"version_start":623,"version_start_type":601,"version_end":611,"version_end_type":603,"fixed_in":9},"gte8.3.0_lt8.3.12","8.3.0"]