18 matches found
CVE-2026-45072
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler fileexcerpt Twig filter escapes PHP files through highlightstring but interpolates lines from non-PHP files directly into...
CVE-2026-45075
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...
CVE-2026-45063
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...
CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...
CVE-2026-45754 Symfony: Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...
Incorrect Authorization
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Incorrect Authorization in the router due to the improper enforcement of IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes checks...
Incorrect Authorization
Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...
Improper Restriction of Communication Channel to Intended Endpoints
Overview PowerShell is a package containing the PowerShell global tool Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to improper restriction of the communication channel to intended endpoints. An attacker can gain...
Eval Injection
Overview Affected versions of this package are vulnerable to Eval Injection via the resourceurlproxy function. An attacker can execute arbitrary system commands by supplying crafted input to the enginename attribute, which is evaluated within the application context. PoC require 'ostruct' def...
CVE-2026-23885
Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...
AlchemyCMS security vulnerabilities
AlchemyCMS is an open-source content management system based on the AlchemyCMS – a Rails CMS framework. Vulnerabilities existed in versions prior to 7.4.12 and 8.0.3 of AlchemyCMS. These vulnerabilities stemmed from the use of the Ruby eval function in Alchemy::ResourcesHelperresourceurlproxy,...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2017-3322
Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2016-5541
Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
PowerShell LTS v7.4.12 (x64)
PowerShell LTS v7.4.12 x64...