Lucene search
+L

15 matches found

CVE
CVE
added yesterday19 views

CVE-2026-49209

The CVE-2026-49209 issue affects Symfony UX LiveComponent’s BatchActionController::__invoke(), which iterates over client-supplied actions and issues a full HttpKernel sub-request per entry. With unbounded action arrays, an authenticated attacker can submit a single _batch request containing thou...

5.3CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday12 views

CVE-2026-49209 Symfony UX: Denial of service in symfony/ux-live-component via unbounded batch action requests

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.11 views

symfony/ux-live-component: Denial of service via unbounded batch action requests

Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...

5.3CVSS5.8AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51050

Name of the Vulnerable Software and Affected Versions Symfony UX Live Component versions prior to 2.x Symfony UX Live Component versions prior to 3.x Description The BatchActionController:: invoke function iterates over a client-supplied actions array and issues a full HttpKernel sub-request for...

5.3CVSS5.9AI score
Exploits0References8
Snyk
Snyk
added 2026/05/29 10:41 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded processing of client-supplied actions in BatchActionController::invoke. An attacker can cause denial of servic...

7.1CVSS5.4AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WordPress plugin Media Library Assistant 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.8AI score0.00203EPSS
Exploits0References11
Snyk
Snyk
added 2026/04/01 8:30 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...

4.9CVSS5.9AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 2:11 p.m.6 views

BIT-JOOMLA-2020-8419

An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...

8.8CVSS7.2AI score0.00452EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:49 p.m.8 views

Malicious code in batch-actions (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:49 p.m.11 views

MAL-2024-6755 Malicious code in batch-actions (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.9 views

Privilige escalation in ERC1155

Handle cmichel Vulnerability details Vulnerability Details The ERC1155.checkPostTransferEvent function allows the from address to specify trades that are executed by the to address if to approved msg.sender. Impact An approved account can execute arbitrary batch actions on behalf of the approver,...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.38 views

Joomla! 3.x < 3.9.15 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A cross-site request forgery CSRF exists in versions 3.0.0 to 3.9.14 due to a missing token checks in the batch actions of various components CVE-2020-8419 - A cross-site...

8.8CVSS7.6AI score0.01181EPSS
Exploits0References7
Prion
Prion
added 2020/01/28 9:15 p.m.19 views

Cross site request forgery (csrf)

An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...

6.8CVSS8.6AI score0.00452EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/01/28 12:0 a.m.7 views

PT-2020-20124 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.15 Description: An issue was discovered in Joomla! where missing token checks in the batch actions of various components cause CSRF vulnerabilities. Recommendations: For versions prior to 3.9.15, update to versio...

8.8CVSS7.2AI score0.00452EPSS
Exploits0References6
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/12/23 12:0 a.m.24 views

[20200101] - Core - CSRF in batch actions

Missing token checks in the batch actions of various components causes CSRF vulnerabilities...

8.8CVSS8.4AI score0.00452EPSS
Exploits0Affected Software1
Rows per page
Query Builder