CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•10 views

CVE-2026-45701

Sulu CMS prior to versions 2.6.23 and 3.0.6 uses a weak cryptographic hash for password reset tokens and API key generation, as documented across CVE-2026-45701 disclosures. The vulnerability originates in the affected components (User.php and ResettingController.php) within the SecurityBundle, l...

Cvelist•added 4 days ago•23 views

CVE-2026-45701 Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens

6.9CVSS0.00027EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-33664

Vulnrichment•added 4 days ago•5 views

CVE-2026-45701 Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens

CNNVD•added 4 days ago•5 views

Sulu encryption issue vulnerabilities

Sulu is a scalable Symfony framework based on PHP, developed by the Austrian company Sulu. Versions prior to Sulu 2.6.23 and 3.0.6 contained a security vulnerability related to encryption. This vulnerability stemmed from the use of weak encryption hash algorithms for generating password reset...

Snyk•added 2026/05/18 5:34 p.m.•4 views

Access Control Bypass

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Access Control Bypass in the users endpoint controller, which exposes the apiKey field to logged-in users who have permission for...

3.1CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/18 5:27 p.m.•3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the use of a weak cryptographical hash algorithm in the User.php and...

RedhatCVE•added 2026/04/01 11:1 p.m.•2 views

Exploits0References2

CVE-2026-34372

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...

Snyk•added 2026/03/31 11:2 p.m.•2 views

Exploits0References1

Authentication Bypass Using an Alternate Path or Channel

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the admin API. An attacker can gain unauthorized access to...

5.3CVSS5.9AI score0.00018EPSS

Exploits0References2

NVD•added 2026/03/31 9:16 p.m.•4 views

CVE-2026-34372

5.3CVSS0.00018EPSS

CVE•added 2026/03/31 8:19 p.m.•6 views

CVE-2026-34372

The CVE refers to a permission-check issue in Sulu’s Admin API where a user with at least one Admin role could access subentities (e.g., contacts) via the Admin API without having explicit permission for those contacts. This was fixed in Sulu releases 2.6.22 and 3.0.5. A Symfony Request Listener ...

Exploits0References3Affected Software1

OSV•added 2026/03/31 8:19 p.m.•2 views

CVE-2026-34372 Sulu checks fix permissions for subentities endpoints

Cvelist•added 2026/03/31 8:19 p.m.•20 views

Exploits0References5

CVE-2026-34372 Sulu checks fix permissions for subentities endpoints

5.3CVSS0.00018EPSS

ATTACKERKB•added 2026/03/31 8:19 p.m.•1 views

CVE-2026-34372

Exploits0References4Affected Software1

Vulnrichment•added 2026/03/31 8:19 p.m.•2 views

CVE-2026-34372 Sulu checks fix permissions for subentities endpoints

CNNVD•added 2026/03/31 12:0 a.m.•3 views

Sulu 安全漏洞

Sulu is a scalable Symfony framework based on PHP, developed by the Austrian company Sulu. Versions of Sulu from 1.0.0 to 2.6.22 and from 3.0.0 to 3.0.5 contained security vulnerabilities due to improper permission checks. These vulnerabilities could allow unauthorized access to contact...