223 matches found
EUVD-2025-201373
The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13623
CVE-2025-13623 – Twitscription (WordPress) is a Reflected Cross-Site Scripting vulnerability in the Twitscription WordPress plugin. According to the details, it affects all versions up to and including 0.1.1 and arises from insufficient input sanitization and output escaping in the admin.php PATH...
CVE-2025-13623 Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO
The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13622
CVE-2025-13622 — Jabbernotification (WordPress) Reflected XSS : The WordPress Jabbernotification plugin is vulnerable to a reflected Cross-Site Scripting attack via admin.php PATH_INFO in versions
CVE-2025-13622 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO
The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2025-13622 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO
The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
Symfony Incorrect Authorization Vulnerability (GHSA-3rg7-wf37-54rm)
Symfony is prone to an incorrect authorization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sensiolabs:symfony"...
DEBIAN-CVE-2025-64500
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
GHSA-3RG7-WF37-54RM Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
Description The Request class improperly interprets some PATHINFO in a way that leads to representing some URLs with a path that doesn't start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption. Resolution The Request class now ensures that U...
CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
EUVD-2025-131928
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
Symfony 安全漏洞
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony versions prior to 5.4.50, 6.4.29, and 7.3.7, which stems from improper parsing of PATHINFO and could lead to bypassing access control rule...
PT-2025-46712
Name of the Vulnerable Software and Affected Versions Symfony versions 2.0.0 through 5.4.49 Symfony versions 6.0.0 through 6.4.28 Symfony versions 7.0.0 through 7.3.6 Description Symfony’s HttpFoundation component’s Request class incorrectly parses the PATH INFO value. This can result in URLs bei...
Exploit for Out-of-bounds Write in Php
PHuiP-FPizdaM What's this This is an exploit for a bug in...
EUVD-2018-10328
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-0378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php. CVE-2017-0378 Note that Nessus relies...
CVE-2020-9322
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...
CVE-2020-9322
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...
Linux Distros Unpatched Vulnerability : CVE-2025-46701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the...