Lucene search
+L

7 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-49211

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards %...

6.9CVSS0.00315EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-49211 Symfony UX: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 until 2.36.0 and 3.1.0, Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping SQL LIKE wildcards %...

6.9CVSS0.00315EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.11 views

symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.9CVSS5.9AI score0.00315EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51052

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.2.0 through 2.35.0 Description In the SymfonyUXAutocompleteDoctrineEntitySearchUtil::addSearchClause function, the LIKE expression for the autocomplete endpoint is constructed by wrapping the client-supplied query in %......

6.9CVSS5.5AI score0.00315EPSS
Exploits0References7
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.19 views

symfony/ux-autocomplete Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.9CVSS5.9AI score0.00315EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11753

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

6.9CVSS5.9AI score0.0032EPSS
Exploits0References4
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-22216

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

6.9CVSS0.0032EPSS
Exploits0References3
Rows per page
Query Builder