Lucene search
+L

20 matches found

NVD
NVD
added 4 hours ago5 views

CVE-2026-49216

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, the Stimulus controller in symfony/ux-autocomplete renders AJAX response items in createAutocompleteWithRemoteData by interpolating the text field into HTML template literals $itemlabelField rather than text,...

5.1CVSS
Exploits0References4
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-49216 Symfony UX: XSS in symfony/ux-autocomplete via unescaped AJAX response data

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, the Stimulus controller in symfony/ux-autocomplete renders AJAX response items in createAutocompleteWithRemoteData by interpolating the text field into HTML template literals $itemlabelField rather than text,...

5.1CVSS
Exploits0References4
CVE
CVE
added 5 hours ago38 views

CVE-2026-49216

CVE-2026-49216 (Symfony UX Autocomplete) : The Stimulus controller in symfony/ux-autocomplete renders AJAX response items by interpolating item[labelField] directly into HTML, causing stored XSS when values come from user-supplied content. Affected: 2.2.0 through 2.36.0 and 3.1.0. Impact is that ...

5.1CVSS5.4AI score
Exploits0References4
Cvelist
Cvelist
added 5 hours ago8 views

CVE-2026-49212 Symfony UX: LiveComponentHydrator HMAC checksum lacks component and slot binding

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\UX\LiveComponent\LiveComponentHydrator covered only sorted prop key/value pairs and did not include the component name, the slot identifier props vs propsFromParent, or request contex...

6.9CVSS
Exploits0References4
CVE
CVE
added 5 hours ago25 views

CVE-2026-49212

The CVE-2026-49212 issue affects Symfony UX LiveComponent: the HMAC used to protect read-only props and the propsFromParent blob did not bind to component name, slot, or request context, allowing a signed blob for one component/slot to be replayed on another and potentially set a read-only prop. ...

6.9CVSS5.2AI score
Exploits0References4
Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-49209 Symfony UX: Denial of service in symfony/ux-live-component via unbounded batch action requests

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
CVE
CVE
added 5 hours ago19 views

CVE-2026-49209

The CVE-2026-49209 issue affects Symfony UX LiveComponent’s BatchActionController::__invoke(), which iterates over client-supplied actions and issues a full HttpKernel sub-request per entry. With unbounded action arrays, an authenticated attacker can submit a single _batch request containing thou...

5.3CVSS5.3AI score
Exploits0References4
Snyk
Snyk
added 2026/05/29 10:41 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/20 3:31 p.m.7 views

cache-extensions (>=1.9.1 <=1.14.1) potentially affected by CVE-2026-46420 via setup-php (>=2.25.0 <=2.36.0)

setup-php NPM version =2.25.0, =1.9.1, =1.14.1 Source cves: CVE-2026-46420 Source advisory: SNYK:JS-SETUPPHP-16874161...

5.5AI score0.01576EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/14 3:46 p.m.6 views

CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS6AI score0.01623EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:46 p.m.43 views

CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS0.01623EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 3:46 p.m.21 views

EUVD-2026-30313

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS6AI score0.01623EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/05 8:53 p.m.11 views

Server-side Request Forgery (SSRF)

Overview magicmirror is a The open source modular smart mirror platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the cors endpoint, which acts as an open HTTP proxy without authentication or URL validation. An attacker can force the server to make...

9.2CVSS5.9AI score0.01623EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2022-30293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WebKitGTK through 2.36.0 and WPE WebKit, there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in...

7.5CVSS6.8AI score0.02158EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-30293

In WebKitGTK through 2.36.0 and WPE WebKit, there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp...

6.5CVSS9.6AI score0.02158EPSS
Exploits1References7
CBLMariner
CBLMariner
added 2022/06/26 3:29 a.m.29 views

CVE-2021-29622 affecting package prometheus for versions less than 2.36.0-2

CVE-2021-29622 affecting package prometheus for versions less than 2.36.0-2. An upgraded version of the package is available that resolves this issue...

6.5CVSS6.6AI score0.1956EPSS
Exploits0
CNNVD
CNNVD
added 2022/05/06 12:0 a.m.5 views

WebKitGTK 缓冲区错误漏洞

WebKitGTK is a full-featured port of the WebKit rendering engine for projects that require any type of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. It provides the full functionality of WebKit for a wide range of systems from desktop computers to embedded syste...

7.5CVSS7.2AI score0.02158EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2022/05/06 12:0 a.m.7 views

PT-2022-3506 · Apple +7 · Webkitgtk +8

Name of the Vulnerable Software and Affected Versions: WebKitGTK versions through 2.36.0 WPE WebKit versions through 2.36.0 Description: The issue is related to a heap-based buffer overflow in the WebCore::TextureMapperLayer::setContentsLayer function, located in...

8.8CVSS8.2AI score0.06463EPSS
Exploits2References160
Mageia
Mageia
added 2022/04/13 4:6 p.m.67 views

Updated webkit2 packages fix security vulnerability

The webkit2 package has been updated to version 2.36.0, fixing several security issues and other bugs...

8.8CVSS3.5AI score0.03668EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2020/05/21 9:8 p.m.6 views

ai.preferred:venom (>=4.1.3 <=4.2.5), at.ganzleicht.vaadin:vaadin-client-compiler (>=9.1.1 <=9.1.2) +1594 more potentially affected by CVE-2020-5529 via net.sourceforge.htmlunit:htmlunit (>=1.14 <=2.36.0)

net.sourceforge.htmlunit:htmlunit MAVEN version =1.14, =4.1.3, =9.1.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =1, =0.9.6, =0.9.6, =0.1.1, =0.5.0, =0.11.1, =0.30.0 and more Source cves: CVE-2020-5529 Source advisory: OSV:GHSA-5MH9-R3RR-9597...

8.1CVSS6.7AI score0.04719EPSS
Exploits0
Rows per page
Query Builder