
11 matches found

Positive Technologies
added 2025/12/17 12:0 a.m., 4 views

PT-2025-51935

Name of the Vulnerable Software and Affected Versions: Auth0-PHP versions 8.0.0 through 8.17.0; Auth0/symfony versions 5.0.0 through 5.5.0; Auth0/laravel-auth0 versions 7.0.0 through 7.19.0; Auth0/wordpress plugin versions 5.0.0-BETA0 through 5.4.0. Description: The Auth0-PHP SDK contains a flaw in how...

CVSS 6.8 | AI score 6.6 | EPSS 0.00368
Exploits 0 | References 15
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-0749

Malware in sbrugna...

CVSS 5.4 | AI score 7.5 | EPSS 0.01048
Exploits 0 | References 12
Tenable Nessus
added 2024/11/07 12:0 a.m., 14 views

Symfony < 5.4.46 / 6.x < 6.4.14 / 7.x < 7.1.7 Improper Input Handling

Symfony versions prior to 5.4.46, 6.x prior to 6.4.14, or 7.x prior to 7.1.7 are vulnerable: when the register_argc_argv PHP directive is set to 'on' and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by the kernel when handling the...

CVSS 8.7 | AI score 7 | EPSS 0.63422
Exploits 1 | References 4
OSV
added 2024/11/06 9:15 p.m., 2 views

UBUNTU-CVE-2024-50341

symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom user_checker defined on a firewall is not called when logging in programmatically with the Security::login method, leading to...

CVSS 3.1 | AI score 5.8 | EPSS 0.00318
Exploits 0 | References 5
Prion
added 2021/11/24 7:15 p.m., 18 views

Design/Logic Flaw

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

CVSS 4 | AI score 6.6 | EPSS 0.01355
Exploits 0 | References 6 | Affected Software 2
OSV
added 2019/11/21 11:15 p.m., 1 views

UBUNTU-CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...

CVSS 9.8 | AI score 6 | EPSS 0.03354
Exploits 0 | References 4
OSV
added 2018/08/06 9:29 p.m., 2 views

DEBIAN-CVE-2017-16654

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read methods of these classes use a path and a locale to determine the...

CVSS 7.5 | AI score 6.8 | EPSS 0.02677
Exploits 0 | References 1
OSV
added 2018/06/13 4:29 p.m., 1 views

DEBIAN-CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE:...

CVSS 9.8 | AI score 9.6 | EPSS 0.02345
Exploits 0 | References 1
OSV
added 2016/06/01 10:59 p.m., 6 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

CVSS 7.5 | AI score 7.3 | EPSS 0.01907
Exploits 0 | References 4
Symfony
added 2015/11/23 12:0 a.m., 24 views

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

Affected Versions: Symfony 2.3.0 to 2.3.34, 2.6.0 - 2.6.11, 2.7.0 - 2.7.6 versions of the Security component are affected by this security issue. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are provided for Symfony 2.4 and 2.5 as they are not maintained...

CVSS 6.8 | AI score 5.8 | EPSS 0.02712
Exploits 1
OSV
added 2015/06/02 2:59 p.m., 4 views

CVE-2015-4050

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...

CVSS 4.3 | AI score 6.5 | EPSS 0.08269
Exploits 0 | References 6