Lucene search
+L

187 matches found

osv
osv
β€’added 2025/11/12 10:15 p.m.β€’4 views

UBUNTU-CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS5.8AI score0.01344EPSS
Exploits0References9
github
github
β€’added 2025/11/12 9:50 p.m.β€’9 views

Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Description The Request class improperly interprets some PATHINFO in a way that leads to representing some URLs with a path that doesn't start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption. Resolution The Request class now ensures that U...

7.3CVSS6.5AI score0.01344EPSS
Exploits0References7Affected Software2
debiancve
debiancve
β€’added 2025/11/12 9:40 p.m.β€’8 views

CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS7.3AI score0.01344EPSS
Exploits0
osv
osv
β€’added 2025/11/12 9:40 p.m.β€’4 views

CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS6.4AI score0.01344EPSS
Exploits0References7
cve
cve
β€’added 2025/11/12 9:40 p.m.β€’715 views

CVE-2025-64500

Affected component: Symfony HttpFoundation (Symfony PHP framework). Vulnerability: The Request class improperly interprets some PATH_INFO, allowing representation of URLs without a leading slash and potentially bypassing access-control rules that assume a leading β€œ/”. Versions and root cause: Pri...

7.3CVSS6.1AI score0.01344EPSS
Exploits0References5Affected Software2
snyk
snyk
β€’added 2025/11/12 1:41 p.m.β€’8 views

Incorrect Authorization

Overview symfony/http-foundation is a component defines an object-oriented layer for the HTTP specification. Affected versions of this package are vulnerable to Incorrect Authorization due to the Request class improperly interpreting some PATHINFO in a way that leads to representing some URLs wit...

7.3CVSS7AI score0.01344EPSS
Exploits0References2
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’4 views

EUVD-2017-0732

Malware in sbrugna...

6.1CVSS6.2AI score0.01455EPSS
Exploits1References6
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’7 views

EUVD-2005-2256

Malware in sbrugna...

6.4CVSS6.2AI score0.01507EPSS
Exploits1References3
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’7 views

EUVD-2005-4000

Malware in sbrugna...

7.5CVSS6.3AI score0.01281EPSS
Exploits1References7
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’5 views

EUVD-2018-14222

Malware in sbrugna...

8.8CVSS8.8AI score0.0191EPSS
Exploits0References4
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’5 views

EUVD-2003-0580

Malware in sbrugna...

7.5CVSS6.4AI score0.05496EPSS
Exploits0References2
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’6 views

EUVD-2005-0856

Malware in sbrugna...

10CVSS6.4AI score0.02402EPSS
Exploits1References3
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’3 views

EUVD-2007-2248

Malware in sbrugna...

5CVSS6.4AI score0.01324EPSS
Exploits1References5
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’4 views

EUVD-2004-2376

Malware in sbrugna...

5CVSS6.4AI score0.06683EPSS
Exploits1References6
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’3 views

EUVD-2005-1573

Malware in sbrugna...

5CVSS6.4AI score0.01178EPSS
Exploits1References2
euvd
euvd
β€’added 2025/10/07 12:30 a.m.β€’6 views

EUVD-2014-2014

Malware in sbrugna...

5CVSS6.4AI score0.0209EPSS
Exploits0References6
euvd
euvd
β€’added 2025/10/03 8:7 p.m.β€’6 views

EUVD-2023-55116

Malicious code in bioql PyPI...

4.9CVSS4.3AI score0.00322EPSS
Exploits0References2
redhatcve
redhatcve
β€’added 2025/08/10 12:15 a.m.β€’14 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

8.8CVSS5.6AI score0.00255EPSS
Exploits0References1
nessus
nessus
β€’added 2025/08/09 12:0 a.m.β€’4 views

Linux Distros Unpatched Vulnerability : CVE-2025-46804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not b...

3.3CVSS4.8AI score0.00213EPSS
Exploits0References3
osv
osv
β€’added 2025/05/29 7:15 p.m.β€’3 views

UBUNTU-CVE-2025-46701

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...

7.3CVSS7.2AI score0.02736EPSS
Exploits1References11
Rows per page
Query Builder