
49 matches found

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-2728

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.00166
Exploits 0 | References 9

Tenable Nessus
added 2025/08/30 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-14774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, a...

CVSS 7.2 | AI score 7.2 | EPSS 0.00166
Exploits 0 | References 2

OSV
added 2024/05/30 12:46 a.m. | 18 views

GHSA-WVJV-P5RR-MMQM Symfony allows direct access of ESI URLs behind a trusted proxy

All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5....

CVSS 7.5 | AI score 5.9
Exploits 0 | References 5

Positive Technologies
added 2024/05/30 12:00 a.m. | 3 views

PT-2024-10556 · Varnish +1

Name of the Vulnerable Software and Affected Versions: Symfony HttpKernel component versions 2.2.X through 2.5.X. Description: This issue affects applications with the ESI feature enabled and a proxy in front of the web application. The FragmentHandler considers requests to render fragments as...

CVSS 7.5 | AI score 7.3
Exploits 0 | References 6

OSV
added 2022/05/17 3:11 a.m. | 22 views

GHSA-QMQW-MPQP-MR54 Symfony Incorrect Access Control

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...

CVSS 4.3 | AI score 6.3 | EPSS 0.76192
Exploits 0 | References 10

GitHub Security Blog
added 2022/05/17 3:11 a.m. | 28 views

Symfony Incorrect Access Control

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...

CVSS 4.3 | AI score 6.9 | EPSS 0.76192
Exploits 0 | References 11 | Affected Software 2

GitHub Security Blog
added 2022/05/14 2:20 a.m. | 28 views

Symfony Host Header Injection

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 7.2 | AI score 7.4 | EPSS 0.00166
Exploits 0 | References 10 | Affected Software 1

OSV
added 2022/05/14 2:20 a.m. | 17 views

GHSA-66P6-7P29-55P9 Symfony Host Header Injection

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 7.2 | AI score 6.7 | EPSS 0.00166
Exploits 0 | References 9

Symfony
added 2019/11/13 12:00 a.m. | 44 views

CVE-2019-18887: Use constant time comparison in UriSigner

Affected versions: Symfony 2.8.0 to 2.8.51, 3.4.0 to 3.4.34, 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony HttpKernel component are affected by this security issue. The issue has been fixed in Symfony 2.8.52, 3.4.35, 4.2.12 and 4.3.8. Note that no fixes are provided for Symfony 3.0,...

CVSS 8.1 | AI score 7.8 | EPSS 0.00813
Exploits 0

Tenable Nessus
added 2019/04/29 12:00 a.m. | 36 views

Fedora 29 : php-symfony3 (2019-a3ca65028c)

Version 3.4.26 2019-04-17 - bug 31084 HttpFoundation Make MimeTypeExtensionGuesser case insensitive vermeirentony - bug 31142 Revert 'bug 30423 Security Rework firewall's access denied rule dimabory' chalasr - security cve-2019-10910 DI Check service IDs are valid nicolas-grekas - security...

CVSS 9.8 | AI score 7.7 | EPSS 0.11901
Exploits 1 | References 2

Tenable Nessus
added 2019/01/03 12:00 a.m. | 25 views

Fedora 28 : php-symfony (2018-9b54497b6e)

2.8.44 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas - bug 28003 HttpKernel Fixes invalid REMOTEADDR in...

CVSS 7.2 | AI score 7.4 | EPSS 0.16652
Exploits 0 | References 2

Tenable Nessus
added 2018/08/15 12:00 a.m. | 28 views

Fedora 27 : php-symfony3 (2018-6f3ceeb7cb)

3.3.18 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas Note that Tenable Network Security has extracted th...

CVSS 7.2 | AI score 7.4 | EPSS 0.16652
Exploits 0 | References 2

Tenable Nessus
added 2018/08/15 12:00 a.m. | 25 views

Fedora 27 : php-symfony (2018-4deae442f2)

2.8.44 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas - bug 28003 HttpKernel Fixes invalid REMOTEADDR in...

CVSS 7.2 | AI score 7.4 | EPSS 0.16652
Exploits 0 | References 2

Tenable Nessus
added 2018/08/15 12:00 a.m. | 33 views

Fedora 27 : php-symfony4 (2018-7f43cbdb69)

4.0.14 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas - bug 28003 HttpKernel Fixes invalid REMOTEADDR in...

CVSS 7.2 | AI score 7.3 | EPSS 0.16652
Exploits 0 | References 2

CNVD
added 2018/08/07 12:00 a.m. | 1 view

Sensio Labs Symfony HttpKernel Header Injection Vulnerability

Sensio Labs Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture. The framework provides commonly used functional components and tools and can be used to quickly create complex web applications. HttpKernel is one of the use of EventDispatcher components...

CVSS 7.2 | AI score 7.3 | EPSS 0.00166
Exploits 0 | References 1

OSV
added 2018/08/03 5:29 p.m. | 20 views

CVE-2018-14774

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 7.2 | AI score 6.9 | EPSS 0.00166
Exploits 0 | References 2

OSV
added 2018/08/03 5:29 p.m. | 1 view

DEBIAN-CVE-2018-14774

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 7.2 | AI score 7 | EPSS 0.00166
Exploits 0 | References 1

Prion
added 2018/08/03 5:29 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 5 | AI score 7 | EPSS 0.00166
Exploits 0 | References 2 | Affected Software 1

OSV
added 2018/08/03 5:29 p.m. | 0 views

UBUNTU-CVE-2018-14774

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 7.2 | AI score 7 | EPSS 0.00166
Exploits 0 | References 3

NVD
added 2018/08/03 5:29 p.m. | 12 views

CVE-2018-14774

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...

CVSS 7.2 | AI score 6.7 | EPSS 0.00166
Exploits 0 | References 2