
34 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in symfony

Symfony/http-foundation is a module for the Symfony PHP framework that defines an object-oriented layer for handling HTTP requests. The Request class does not parse URIs containing special characters in the same way that browsers do. As a result, attackers can trick validators that rely on the...

6.1 CVSS, 5.7 AI score, 0.00394 EPSS
Exploits 0, References 2

OSV
added 2025/11/12 10:15 p.m., 2 views

DEBIAN-CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3 CVSS, 7.3 AI score, 0.06307 EPSS
Exploits 0, References 1

OSV
added 2025/11/12 9:40 p.m., 1 views

CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3 CVSS, 6.4 AI score, 0.06307 EPSS
Exploits 0, References 7

Vulnrichment
added 2025/11/12 9:40 p.m., 2 views

CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3 CVSS, 6.1 AI score, 0.06307 EPSS
Exploits 0, References 5

Tenable Nessus
added 2025/03/06 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-50345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does no...

6.1 CVSS, 5.8 AI score, 0.00394 EPSS
Exploits 0, References 2

Veracode
added 2024/11/20 3:42 a.m., 4 views

Improper URI Parsing

symfony/http-foundation is vulnerable to Improper URI Parsing. The vulnerability is due to improper parsing of URIs with special characters by the Request class, which does not align with browser behavior, allowing attackers to exploit validators and redirect users to malicious domains...

6.1 CVSS, 6.5 AI score, 0.00394 EPSS
Exploits 0, References 9, Affected Software 1

OSV
added 2024/11/06 9:15 p.m., 0 views

UBUNTU-CVE-2024-50345

symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

6.1 CVSS, 7 AI score, 0.00394 EPSS
Exploits 0, References 5

OSV
added 2024/11/06 8:56 p.m., 11 views

CVE-2024-50345 Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

3.1 CVSS, 4.3 AI score, 0.00394 EPSS
Exploits 0, References 5

Snyk
added 2024/11/06 12:41 p.m., 1 views

Open Redirect

Overview: symfony/http-foundation is a component that defines an object-oriented layer for the HTTP specification. Affected versions of this package are vulnerable to Open Redirect in the Request::create function, which improperly handles special characters in a URI. Remediation: Upgrade...

6.9 CVSS, 6.9 AI score, 0.00394 EPSS
Exploits 0, References 2

OSV
added 2024/03/06 11:8 a.m., 25 views

BIT-SYMFONY-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the...

5.5 CVSS, 5.2 AI score, 0.00267 EPSS
Exploits 0, References 3

Github Security Blog
added 2022/05/13 1:5 a.m., 29 views

Symfony HTTP Foundation web cache poisoning

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

6.5 CVSS, 0.5 AI score, 0.16652 EPSS
Exploits 0, References 12, Affected Software 2

OSV
added 2022/05/13 1:5 a.m., 34 views

GHSA-8WGJ-6WX8-H5HQ Symfony HTTP Foundation web cache poisoning

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

6.5 CVSS, 6.5 AI score, 0.16652 EPSS
Exploits 0, References 11

Ubuntu
added 2021/03/15 10:18 p.m., 32 views

USN-4836-1: Symfony vulnerability

It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain unauthorized access...

9.8 CVSS, 8.2 AI score, 0.00141 EPSS
Exploits 0

OSV
added 2020/03/30 8:15 p.m., 15 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the...

5.4 CVSS, 5.4 AI score
Exploits 0, References 3

OSV
added 2020/03/30 8:15 p.m., 1 views

DEBIAN-CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the...

5.4 CVSS, 6 AI score, 0.00267 EPSS
Exploits 0, References 1

NVD
added 2020/03/30 8:15 p.m., 12 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the...

5.5 CVSS, 4.8 AI score, 0.00267 EPSS
Exploits 0, References 3

Github Security Blog
added 2019/12/02 6:10 p.m., 105 views

Invalid HTTP method overrides allow possible XSS or other attacks in Symfony

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8 CVSS, 1.3 AI score, 0.00257 EPSS
Exploits 0, References 7, Affected Software 2

Prion
added 2019/05/16 10:29 p.m., 15 views

Sql injection

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

7.5 CVSS, 9.8 AI score, 0.00257 EPSS
Exploits 0, References 2, Affected Software 1

UbuntuCve
added 2019/05/16 10:29 p.m., 22 views

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8 CVSS, 7.2 AI score, 0.00257 EPSS
Exploits 0, References 2

OSV
added 2019/05/16 10:29 p.m., 0 views

UBUNTU-CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8 CVSS, 7.3 AI score, 0.00257 EPSS
Exploits 0, References 3