
29 matches found

CakePHP
added 2026/02/24 12:0 a.m. | 14 views

CakePHP 5.3.2 Released

CakePHP 5.3.2 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.2. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes You can expect the following change...

AI score: 5.6 | Exploits: 0

Snyk
added 2026/01/16 9:51 p.m. | 1 view

Cross-site Scripting (XSS)

Overview cakephp/cakephp is a rapid development framework for PHP which uses commonly known design patterns like Associative Data Mapping, Front Controller, and MVC. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PaginatorHelper::limitControl function. An...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00025 | Exploits: 0 | References: 2

UbuntuCve
added 2026/01/16 9:15 p.m. | 1 view

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00025 | Exploits: 0 | References: 7

Debian CVE
added 2026/01/16 8:38 p.m. | 3 views

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00025 | Exploits: 0

CVE
added 2026/01/16 8:38 p.m. | 8 views

CVE-2026-23643

The CVE-2026-23643 entry concerns CakePHP and a cross-site-scripting vulnerability in PaginatorHelper::limitControl() triggered by query string manipulation. Affected versions are fixed in 5.2.12 and 5.3.1; upgrade to at least those releases to mitigate. The vulnerability description is corrobora...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00025 | Exploits: 0 | References: 6 | Affected Software: 1

ATTACKERKB
added 2026/01/16 8:38 p.m. | 1 view

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00025 | Exploits: 0 | References: 7 | Affected Software: 1

CNNVD
added 2026/01/16 12:0 a.m. | 1 view

CakePHP cross-site scripting vulnerabilities

CakePHP is an open-source web development framework based on the MVC architecture, created by the CAKE Foundation in the United States. This framework features flexible view caching, automatic generation of CRUD code, and other functionalities. Versions of CakePHP prior to 5.2.12 and 5.3.1...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00025 | Exploits: 0 | References: 7

CakePHP
added 2026/01/14 12:0 a.m. | 10 views

CakePHP 5.2.12 Released

CakePHP 5.2.12 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.2.12. This is a security fix release for the 5.2 branch that fixes a security issue with PaginatorHelper. This release is recommended for all applications using PaginatorHelper::limitControl...

AI score: 6.6 | Exploits: 0

CakePHP
added 2026/01/13 12:0 a.m. | 11 views

CakePHP 5.3.1 Released

CakePHP 5.3.1 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.1. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes You can expect the following change...

AI score: 6.6 | Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1853

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.05375 | Exploits: 0 | References: 6

RedhatCVE
added 2025/02/05 2:47 p.m. | 5 views

CVE-2020-15150

There is a vulnerability in Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.05375 | Exploits: 0 | References: 6

NVD
added 2024/05/27 4:15 p.m. | 13 views

CVE-2024-32978

Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity du...

CVSS: 6.6 | AI score: 6.6 | EPSS: 0.00132 | Exploits: 0 | References: 1

Cvelist
added 2024/05/27 4:5 p.m. | 24 views

CVE-2024-32978 Kaminari Insecure File Permissions Vulnerability

Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity du...

CVSS: 6.6 | AI score: 6.5 | EPSS: 0.00132 | Exploits: 0 | References: 1

Debian CVE
added 2024/05/27 4:5 p.m. | 16 views

CVE-2024-32978

Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity du...

CVSS: 6.6 | AI score: 6.5 | EPSS: 0.00132 | Exploits: 0

CNNVD
added 2023/01/07 12:0 a.m. | 1 view

PaginationServiceProvider SQL injection vulnerability

PaginationServiceProvider is an application by Takashi Kanemoto Personal Developer. Allows you to use KnpPaginatorBundle in Silex applications. A SQL injection vulnerability exists in PaginationServiceProvider version 0.x and prior versions, which stems from incorrect manipulation of the paramete...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00563 | Exploits: 0 | References: 5

vulnersOsv
added 2022/12/12 9:25 p.m. | 1 view

ai.djl.serving:serving (=0.20.0), berlin.yuna:paginator (>=0.1.38 <=0.1.48) +3556 more potentially affected by CVE-2022-41915 via io.netty:netty-codec-http (>=4.1.83.Final <=4.1.85.Final)

io.netty:netty-codec-http MAVEN version =4.1.83.Final, =0.1.38, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2022-41915 Source advisory: OSV:GHSA-HH82-3PMQ-7FRP...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00497 | Exploits: 1

OSV
added 2022/04/12 7:36 p.m. | 47 views

GHSA-W98M-2XQG-9CVJ Remote Code Execution in paginator

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. Impact There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.05375 | Exploits: 0 | References: 6

Github Security Blog
added 2022/04/12 7:36 p.m. | 27 views

Remote Code Execution in paginator

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. Impact There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.05375 | Exploits: 0 | References: 6 | Affected Software: 1

Check Point Advisories
added 2021/01/05 12:0 a.m. | 2 views

Paginator Elixir Remote Code Execution (CVE-2020-15150)

A remote code execution vulnerability exists in Paginator Elixir. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.05375 | Exploits: 0

NVD
added 2020/09/01 5:15 p.m. | 7 views

CVE-2020-15150

There is a vulnerability in Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.05375 | Exploits: 0 | References: 4