4 matches found
CVE-2026-45064
Symfony’s HtmlSanitizer UrlSanitizer.parse() is vulnerable in 6.1.0-BETA1 through 6.4.40, 7.4.12, and 8.0.12, because Unicode BiDi formatting characters pass through into href/src attributes, enabling visual spoofing where the link text differs from the destination. The issue is fixed in 6.4.40, ...
Linux Distros Unpatched Vulnerability : CVE-2025-2336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass...
CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
More info at https://symfony.com/cve-2026-45064...
CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
More info at https://symfony.com/cve-2026-45064...