Lucene search
K

49 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3618

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.01553EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/06/04 3:1 p.m.14 views

Typo3 Arbitrary File Disclosure in Form Component

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/04 3:1 p.m.9 views

GHSA-WRPF-2X8H-82GR Typo3 Arbitrary File Disclosure in Form Component

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields...

7.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/06/03 7:42 p.m.12 views

TYPO3 Cross-Site Scripting (XSS) in form component

Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site Scripting...

7.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/06/03 7:42 p.m.8 views

GHSA-5J86-5XVG-7Q93 TYPO3 Cross-Site Scripting (XSS) in form component

Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site Scripting...

7.1AI score
Exploits0References3
OSV
OSV
added 2024/06/03 7:41 p.m.8 views

GHSA-VGM8-R9GM-FW59 TYPO3 Cross-Site Scripting in legacy form component

Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this vulnerability...

7AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.2 views

SUSE CVE-2014-6438

The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtracking, resource consumption, or application crash via a crafted string...

7.5CVSS9AI score0.04128EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 10:0 p.m.58 views

Deserialization of Untrusted Data in Apache Tapestry

By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this...

9.8CVSS3AI score0.14866EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:25 a.m.21 views

Symfony Vulnerable to Timing Attack

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the 1 Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or 2...

7.5CVSS7.2AI score0.02545EPSS
Exploits0References14Affected Software4
Github Security Blog
Github Security Blog
added 2022/05/14 2:41 a.m.34 views

Symfony SSRF Vulnerability via Form Component

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...

6.5CVSS6.3AI score0.01553EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2022/05/14 2:41 a.m.18 views

GHSA-CQQH-94R6-WJRG Symfony SSRF Vulnerability via Form Component

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...

6.5CVSS6.4AI score0.01553EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.1 views

PT-2022-6951 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to the patch versions listed Description: The issue is related to insufficient authentication of executed requests in the Symfony framework, which can allow a remote attacker to perform a CSRF attack. The Symfony form...

9.3CVSS8.5AI score0.00566EPSS
Exploits0References14
Prion
Prion
added 2019/09/16 4:15 p.m.29 views

Deserialization of untrusted data

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...

7.5CVSS9.3AI score0.14866EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2019/09/16 3:37 p.m.52 views

CVE-2019-0195

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...

9.3AI score0.14866EPSS
Exploits0References7
Symfony
Symfony
added 2018/12/06 12:0 a.m.61 views

CVE-2018-19789: Disclosure of uploaded files full path

Affected versions Symfony 2.7.0 to 2.7.49, 2.8.0 to 2.8.48, 3.0.0 to 3.4.19, 4.0.0 to 4.0.14, 4.1.0 to 4.1.8 and 4.2.0 versions of the Symfony Form component are affected by this security issue. The issue has been fixed in Symfony 2.7.50, 2.8.49, 3.4.20, 4.0.15, 4.1.9 and 4.2.1. Note that no fixe...

5.3CVSS6AI score0.03589EPSS
Exploits0
Symfony
Symfony
added 2018/12/06 12:0 a.m.89 views

CVE-2018-19790: Open Redirect Vulnerability when using Security\Http

Affected versions Symfony 2.7.0 to 2.7.49, 2.8.0 to 2.8.48, 3.0.0 to 3.4.19, 4.0.0 to 4.0.14, 4.1.0 to 4.1.8 and 4.2.0 versions of the Symfony Form component are affected by this security issue. The issue has been fixed in Symfony 2.7.50, 2.8.49, 3.4.20, 4.0.15, 4.1.9 and 4.2.1. Note that no fixe...

6.1CVSS6.2AI score0.01485EPSS
Exploits0
Prion
Prion
added 2018/08/06 9:29 p.m.24 views

Design/Logic Flaw

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...

4CVSS6.5AI score0.01553EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2018/08/06 9:29 p.m.17 views

CVE-2017-16790

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...

6.5CVSS9.1AI score0.01553EPSS
Exploits0References2
Symfony
Symfony
added 2017/11/17 12:0 a.m.60 views

CVE-2017-16790: Ensure that submitted data are uploaded files

Affected versions Symfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Form component are affected by this security issue. The issue has been fixed in Symfony 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. Note that no fixes are provide...

6.5CVSS6.4AI score0.01553EPSS
Exploits0
CNVD
CNVD
added 2017/09/07 12:0 a.m.2 views

Ruby URI.decode_www_form_component Method Denial of Service Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the URI.decodewwwformcomponent method in Ruby versions prior to 1.9.2-p330. A remote attacker can exploit this...

7.5CVSS7.5AI score0.04128EPSS
Exploits0References1
Rows per page
Query Builder