Lucene search
+L

19 matches found

CVE
CVE
added 3 days ago76 views

CVE-2026-45065

CVE-2026-45065 affects Symfony’s UrlGenerator in the Symfony PHP framework. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters with a pattern built as ^ + raw requirement + $, and ungrouped alternations can cause middle alternatives to match as unanchore...

6.1CVSS6.1AI score0.00261EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/06/24 10:17 p.m.9 views

Incomplete Filtering of Special Elements

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 10:17 p.m.7 views

Incomplete Filtering of Special Elements

Overview org.webjars.npm:angular is a WebJar for angular. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the $sceDelegate service's trustedResourceUrlList validation, where a regular expression intended to match the entire resource URL is only...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 4:55 p.m.8 views

GHSA-72XP-P242-47P9 Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Description Symfony routes can declare a requirements regex per path parameter, e.g. a route /locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...

6.1CVSS5.8AI score0.00261EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/27 4:55 p.m.23 views

Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Description Symfony routes can declare a requirements regex per path parameter, e.g. a route /locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...

6.1CVSS5.8AI score0.00261EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-44134

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4.25 Description The UrlGenerator class, used by Twig path and url helpers, fails to properly anchor regular expressions when validating path parameters that use alternations. The validation pattern is constructed a...

2.3CVSS6.1AI score0.00261EPSS
Exploits0References18
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Verisilicon: Avoid G2 bus errors during H.264 and HEVC decoding. For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously. Otherwise, a bus error will occur, resulting in...

5.5CVSS6AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 1:11 p.m.26 views

CVE-2026-43310

The CVE-2026-43310 issue affects the Linux kernel Verisilicon media driver on the i.MX8MQ platform. It describes a hardware limitation where the g1 VPU and g2 VPU cannot decode H.264 and HEVC simultaneously; doing so can trigger a bus error, producing corrupted video output and potentially causin...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/12 6:32 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview multipart is a Parser for multipart/form-data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseoptionsheader function due to the use of a regular expression with ambiguous alternation. An attacker can cause significant resource...

8.7CVSS5.8AI score0.00699EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.10 views

Multi-delegate system opens exploits: vote amplification, collusion, rapid alternation, obscuring bribes.

Lines of code Vulnerability details Impact Allowing votes to be spread across multiple delegates does potentially open up new attack vectors if not handled carefully. Some ways this could potentially be exploited: A delegator spreads their votes thin across many dummy delegates they control to...

7.2AI score
Exploits0
Fedora
Fedora
added 2017/04/01 5:53 p.m.23 views

[SECURITY] Fedora 26 Update: R-3.3.3-1.fc26

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide varie...

8.8CVSS2.4AI score0.02403EPSS
Exploits2
NVD
NVD
added 2016/12/15 6:59 a.m.23 views

CVE-2016-7868

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution...

8.8CVSS9.1AI score0.11022EPSS
Exploits0References9
OSV
OSV
added 2016/12/15 6:59 a.m.3 views

CVE-2016-7868

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution...

8.8CVSS6.3AI score0.11022EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2016/12/15 6:59 a.m.26 views

CVE-2016-7868

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution...

8.8CVSS7.6AI score0.11022EPSS
Exploits0References3
CVE
CVE
added 2016/12/15 6:31 a.m.78 views

CVE-2016-7868

Adobe Flash Player suffers a buffer overflow/underflow in the RegExp class related to alternation, affecting versions 23.0.0.207 and earlier and 11.2.202.644 and earlier. Successful exploitation could lead to arbitrary code execution. Remediation: upgrade to version 24.0.0.186 or newer as the fix...

8.8CVSS8.9AI score0.11022EPSS
Exploits0References9Affected Software1
RedHat Linux
RedHat Linux
added 2016/12/14 1:2 p.m.12 views

flash-plugin: multiple code execution issues fixed in APSB16-39

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution...

8.8CVSS6.3AI score0.11022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/12/13 12:0 a.m.5 views

PT-2016-2960 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is caused by a buffer boundary violation in the RegExp class of the Flash Player platform. Exploitation of this iss...

10CVSS9.2AI score0.18786EPSS
Exploits0References117
Fedora
Fedora
added 2008/09/10 6:53 a.m.20 views

[SECURITY] Fedora 9 Update: R-2.7.2-1.fc9

A language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques linear and nonlinear modelling, statistical tests, tim...

2.4AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.11 views

CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

More info at https://symfony.com/cve-2026-45065...

6.1CVSS5.8AI score0.00261EPSS
Exploits0Affected Software1
Rows per page
Query Builder