4981427 matches found
CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...
CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...
CVE-2026-45754 Symfony: Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...
CVE-2026-45754 Symfony: Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...
CVE-2026-45305 Symfony: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...
CVE-2026-45305 Symfony: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...
CVE-2026-45304 Symfony: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...
CVE-2026-45304 Symfony: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...
CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...
CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...
CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability
...
CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability
...
CVE-2026-47304 .NET Security Feature Bypass Vulnerability
...
CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability
...
CVE-2026-47304 .NET Security Feature Bypass Vulnerability
...
CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability
...
CVE-2026-47302 .NET Denial of Service Vulnerability
...
CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability
...
CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability
...
CVE-2026-47302 .NET Denial of Service Vulnerability
...