Lucene search
K

8 matches found

CVE
CVE
added yesterday17 views

CVE-2026-45754

CVE-2026-45754 affects Symfony’s Mailjet mailer bridge and LOX24 notifier bridge. Prior to versions 6.4.40, 7.4.12, and 8.0.12, the webhook parsers did not verify configured webhook secrets, allowing unauthenticated POST requests to inject forged Mailjet and LOX24 events. The issue is fixed in th...

6.9CVSS6.1AI score0.00103EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/28 5:22 p.m.13 views

Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection

Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge both ship webhook request parsers used to authenticate and decode the event callbacks each provider POSTs to an application's webhook endpoint. Their doParseRequest $request, \SensitiveParameter string $secret methods receive...

6.9CVSS5.7AI score0.00103EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2026/05/28 5:22 p.m.9 views

GHSA-64HG-93W9-FC35 Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection

Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge both ship webhook request parsers used to authenticate and decode the event callbacks each provider POSTs to an application's webhook endpoint. Their doParseRequest $request, \SensitiveParameter string $secret methods receive...

8.7CVSS5.7AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-44546

Name of the Vulnerable Software and Affected Versions Symfony Webhook Bridges versions prior to 6.4 Symfony Webhook Bridges versions prior to 7.4 Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge contain webhook request parsers that fail to authenticate event callbacks. The...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References21
Snyk
Snyk
added 2026/05/20 3:35 p.m.10 views

Missing Authentication for Critical Function

Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

6.9CVSS5.8AI score0.00103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

6.9CVSS5.8AI score0.00103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

6.9CVSS5.8AI score0.00103EPSS
Exploits0Affected Software1
Rows per page
Query Builder