CVE ID :CVE-2026-6735 Published : May 10, 2026, 5:16 a.m. | 35 minutes ago Description :In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing the PHP-FPM status page. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...