Lucene search
+L

18 matches found

nvd
nvd
added 3 days ago4 views

CVE-2026-45072

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler fileexcerpt Twig filter escapes PHP files through highlightstring but interpolates lines from non-PHP files directly into...

5.4CVSS0.00232EPSS
Exploits0References5
nvd
nvd
added 3 days ago5 views

CVE-2026-45075

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...

8.3CVSS0.00382EPSS
Exploits0References3
nvd
nvd
added 3 days ago4 views

CVE-2026-45063

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS0.00323EPSS
Exploits0References6
osv
osv
added 3 days ago3 views

CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00238EPSS
Exploits0References6
osv
osv
added 3 days ago2 views

CVE-2026-45754 Symfony: Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...

6.9CVSS6.1AI score0.00348EPSS
Exploits0References8
snyk
snyk
added 2026/05/20 3:35 p.m.11 views

Incorrect Authorization

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Incorrect Authorization in the router due to the improper enforcement of IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes checks...

8.6CVSS5.8AI score0.00382EPSS
Exploits0References2
snyk
snyk
added 2026/05/20 3:35 p.m.10 views

Incorrect Authorization

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...

8.6CVSS5.8AI score0.00382EPSS
Exploits0References2
snyk
snyk
added 2026/02/13 8:2 p.m.3 views

Improper Restriction of Communication Channel to Intended Endpoints

Overview PowerShell is a package containing the PowerShell global tool Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to improper restriction of the communication channel to intended endpoints. An attacker can gain...

7.3CVSS5.7AI score0.00302EPSS
Exploits0References2
snyk
snyk
added 2026/01/19 9:46 p.m.4 views

Eval Injection

Overview Affected versions of this package are vulnerable to Eval Injection via the resourceurlproxy function. An attacker can execute arbitrary system commands by supplying crafted input to the enginename attribute, which is evaluated within the application context. PoC require 'ostruct' def...

9.9CVSS6AI score0.00426EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/19 9:9 p.m.5 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4CVSS6AI score0.00426EPSS
Exploits0References6Affected Software1
cnnvd
cnnvd
added 2026/01/19 12:0 a.m.8 views

AlchemyCMS security vulnerabilities

AlchemyCMS is an open-source content management system based on the AlchemyCMS – a Rails CMS framework. Vulnerabilities existed in versions prior to 7.4.12 and 8.0.3 of AlchemyCMS. These vulnerabilities stemmed from the use of the Ruby eval function in Alchemy::ResourcesHelperresourceurlproxy,...

9.9CVSS6.2AI score0.00426EPSS
Exploits0References6
redhat
redhat
added 2023/08/07 3:19 p.m.47 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

7.5CVSS6.6AI score0.02044EPSS
Exploits2References27
redhat
redhat
added 2023/08/07 3:18 p.m.49 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

7.5CVSS6.6AI score0.02044EPSS
Exploits2References27
redhat
redhat
added 2023/08/07 3:18 p.m.69 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.6AI score0.02044EPSS
Exploits2References27
redhat
redhat
added 2023/08/07 3:2 p.m.62 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS6.6AI score0.02044EPSS
Exploits2References26
osv
osv
added 2017/01/27 10:59 p.m.3 views

CVE-2017-3322

Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.7CVSS5.8AI score0.01561EPSS
Exploits0References3
osv
osv
added 2017/01/27 10:59 p.m.4 views

CVE-2016-5541

Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.8CVSS5.8AI score0.04983EPSS
Exploits0References5
msupdate
msupdate
added 1976/01/01 12:0 a.m.4 views

PowerShell LTS v7.4.12 (x64)

PowerShell LTS v7.4.12 x64...

7AI score
Exploits0
Rows per page
Query Builder