Lucene search
+L

13390 matches found

UbuntuCve
UbuntuCve
added 4 days ago7 views

CVE-2026-45754

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...

6.9CVSS6.1AI score0.00348EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago8 views

CVE-2026-45755

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00238EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago12 views

CVE-2026-45133

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline...

8.2CVSS6.1AI score0.00691EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago8 views

CVE-2026-45075

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...

8.3CVSS6.2AI score0.00382EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago7 views

CVE-2026-45070

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter values but emits parameter names verbatim, allowing a caller that derive...

6.5CVSS6.1AI score0.00292EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago15 views

CVE-2026-45753

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...

6.1CVSS6.1AI score0.00297EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago8 views

CVE-2026-45304

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS6.1AI score0.00804EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago8 views

CVE-2026-45063

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00323EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago16 views

CVE-2026-45069

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

9.1CVSS6.1AI score0.00232EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago14 views

CVE-2026-45305

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...

8.7CVSS6.1AI score0.0075EPSS
Exploits0References2
OSV
OSV
added 4 days ago5 views

UBUNTU-CVE-2026-45073

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

7.3CVSS6.1AI score0.0041EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 4 days ago12 views

CVE-2026-45065

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives mat...

6.1CVSS6.1AI score0.00261EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago11 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS6.1AI score0.0029EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago8 views

CVE-2026-45074

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...

8.1CVSS6.1AI score0.00402EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago6 views

CVE-2026-45067

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00619EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43299

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS6.5AI score0.00403EPSS
Exploits0References8
NVD
NVD
added 5 days ago7 views

CVE-2026-15542

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS0.00403EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-43248

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS6.4AI score0.00333EPSS
Exploits0References6
NVD
NVD
added 6 days ago8 views

CVE-2026-15506

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00184EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 6 days ago5 views

CVE-2026-15506 SecureAge CatchPulse Driver saappctl.sys heap-based overflow

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS6.6AI score0.00184EPSS
Exploits0References7
Rows per page
Query Builder