PT-2026-44149

Description SymfonyComponentYamlParser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small input c...

CVE-2026-8139 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with...

CVE-2026-8139

Concrete CMS versions 9.5.0 and earlier are vulnerable to stored XSS on the external-link page cvName due to updateCollectionAliasExternal bypassing sanitization. The issue is triggered by the sanitize bypass in updateCollectionAliasExternal, enabling stored scripts delivered to users. Affected p...

CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

More info at https://symfony.com/cve-2026-45304...

CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

More info at https://symfony.com/cve-2026-45304...