Lucene search
+L

4 matches found

attackerkb
attackerkb
added 2026/05/01 12:0 a.m.5 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS6.1AI score0.00253EPSS
Exploits0References4
osv
osv
added 2026/05/01 12:0 a.m.2 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS6.3AI score0.00253EPSS
Exploits0References5
github
github
added 2023/04/18 1:14 p.m.49 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...

9.9CVSS8.4AI score0.02083EPSS
Exploits1References7Affected Software2
osv
osv
added 2023/04/18 1:14 p.m.55 views

GHSA-7V2V-9RM4-7M8F Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...

8.8CVSS8.4AI score0.02083EPSS
Exploits1References7
Rows per page
Query Builder