187 matches found
UBUNTU-CVE-2025-64500
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
Description The Request class improperly interprets some PATHINFO in a way that leads to representing some URLs with a path that doesn't start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption. Resolution The Request class now ensures that U...
CVE-2025-64500
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...
CVE-2025-64500
Affected component: Symfony HttpFoundation (Symfony PHP framework). Vulnerability: The Request class improperly interprets some PATH_INFO, allowing representation of URLs without a leading slash and potentially bypassing access-control rules that assume a leading β/β. Versions and root cause: Pri...
Incorrect Authorization
Overview symfony/http-foundation is a component defines an object-oriented layer for the HTTP specification. Affected versions of this package are vulnerable to Incorrect Authorization due to the Request class improperly interpreting some PATHINFO in a way that leads to representing some URLs wit...
EUVD-2017-0732
Malware in sbrugna...
EUVD-2005-2256
Malware in sbrugna...
EUVD-2005-4000
Malware in sbrugna...
EUVD-2018-14222
Malware in sbrugna...
EUVD-2003-0580
Malware in sbrugna...
EUVD-2005-0856
Malware in sbrugna...
EUVD-2007-2248
Malware in sbrugna...
EUVD-2004-2376
Malware in sbrugna...
EUVD-2005-1573
Malware in sbrugna...
EUVD-2014-2014
Malware in sbrugna...
EUVD-2023-55116
Malicious code in bioql PyPI...
CVE-2020-9322
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...
Linux Distros Unpatched Vulnerability : CVE-2025-46804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not b...
UBUNTU-CVE-2025-46701
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...