57 matches found
GHSA-6QH9-H6WF-JGQC Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Description: Symfony\Component\Cache\Adapter\PdoAdapter is the PDO-backed cache adapter. Its clear($prefix) method, inherited from AbstractAdapterTrait, is documented to delete cache items whose key starts with $prefix. In the non-versioning code path, the caller-supplied $prefix is concatenated into...
Flattening of vulnerability issues within the Drupal core
Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...
Incorrect Authorization
Overview: symfony/security-http provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. Affected versions of this package are vulnerable to...
User Impersonation
Overview: symfony/security-http provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. Affected versions of this package are vulnerable to User...
PT-2026-42361
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
EUVD-2020-0343
Malware in sbrugna...
EUVD-2022-3279
Malicious code in bioql PyPI...
EUVD-2022-3882
Malicious code in bioql PyPI...
EUVD-2022-3620
Malicious code in bioql PyPI...
EUVD-2022-3252
Malicious code in bioql PyPI...
EUVD-2022-3093
Malicious code in bioql PyPI...
EUVD-2022-3887
Malicious code in bioql PyPI...
EUVD-2024-3280
Malicious code in bioql PyPI...
EUVD-2022-3930
Malicious code in bioql PyPI...
EUVD-2022-3015
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-11406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x befor...
Linux Distros Unpatched Vulnerability : CVE-2018-11408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x befo...
Debian dla-4200 : php-symfony - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4200 advisory. Debian LTS Advisory DLA-4200-1 [email protected]...
[SECURITY] [DLA 4200-1] symfony security update
Debian LTS Advisory DLA-4200-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 31, 2025 https://wiki.debian.org/LTS Package : symfony Version : 4.4.19+dfsg-2+deb11u7 CVE ID : CVE-2024-50343 CVE-2024-50345 Security vulnerabilities were found in symfony, a PHP...
DLA-4200-1 symfony - security update
Bulletin has no description...