CVE-2026-6104 - Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
CVE ID :CVE-2026-6104 Published : May 10, 2026, 6:16 a.m. | 48 minutes ago Description :In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assum
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
- [CYBER] CVE-2026-45186 - Apache libexpat XML Denial of Service
- [CYBER] CVE-2026-8233 - Dotouch XproUPF access control
- [CYBER] CVE-2026-8232 - Dotouch XproUPF UPF Process libvlib.so vlib_worker_loop denial of service
- [CYBER] CVE-2026-8231 - CodeAstro Online Catering Ordering System deleteorder.php sql injection
- [CYBER] CVE-2026-8235 - 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection