Lucene search
K

4 matches found

NVD
NVD
added yesterday3 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS0.00048EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 8:13 p.m.10 views

GHSA-QC95-4862-92FH Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

6.1CVSS5.8AI score0.00048EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-44135

Name of the Vulnerable Software and Affected Versions symfony/html-sanitizer versions prior to 5.4 Description Three bypasses allow content authors to smuggle URLs that are not on the allowlist past sanitization checks. The first bypass occurs because UrlSanitizer::parse follows RFC-3986, whereas...

2.3CVSS6.1AI score0.00048EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2025/05/22 11:18 p.m.8 views

CVE-2022-24974

Links may not be rewritten according to policy in some specially formatted emails...

5.3CVSS6.9AI score0.0064EPSS
Exploits0References1
Rows per page
Query Builder