- preg_match: documentation ( source)
<?php
$regex = '/(?=xyz\K)/';
$subject = "aaaaxyzaaaa";
// Comment/uncomment below as wanted.
// All 3 functions are vulnerable (note, other functions are affected as well)
preg_match($regex, $subject, $matches);