Lucene search
+L

6 matches found

Vulnrichment
Vulnrichment
added 2 days ago8 views

CVE-2026-49211 Symfony UX: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards %...

6.9CVSS5.6AI score0.00315EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 7:34 p.m.8 views

GHSA-946H-JP5C-8FVH symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.3CVSS5.9AI score0.00315EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.11 views

symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.9CVSS5.9AI score0.00315EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51052

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.2.0 through 2.35.0 Description In the SymfonyUXAutocompleteDoctrineEntitySearchUtil::addSearchClause function, the LIKE expression for the autocomplete endpoint is constructed by wrapping the client-supplied query in %......

6.9CVSS5.5AI score0.00315EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/29 10:41 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score0.00315EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.19 views

symfony/ux-autocomplete Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.9CVSS5.9AI score0.00315EPSS
Exploits0Affected Software1
Rows per page
Query Builder