21 matches found
Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
Description: The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest($request, #[\SensitiveParameter] string $secret) method receives the configured webhook secret but never...
Authentication Bypass
github.com/traefik/traefik is vulnerable to an authentication bypass. The vulnerability is due to improper sanitization of forwarded header alias variants using underscores instead of dashes, which allows an attacker to inject spoofed trusted headers and bypass authentication on protected routes...
CVE-2026-29143
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...
EUVD-2026-18166
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...
CVE-2026-29143 S/MIME Decryption Impersonation
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...
CVE-2026-29143
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...
SEPPmail Secure Email Gateway security vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of S/MIME encrypted MIME entities for...
EUVD-2026-9379
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
SEPPmail Secure Email Gateway security vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of headers originating from S/MIME...
PT-2026-22889
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
Angular code issue vulnerability
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions of Angular CLI prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21. These...
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...
WordPress plugin BigBuy Dropshipping Connector for WooCommerce information disclosure vulnerability
The WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open-source WordPress plugin for the WooCommerce e-commerce platform. It connects to BigBuy and other dropshipping suppliers to synchronize products automatically. It supports interfacing with BigBuy a...
CVE-2023-44463
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...
Fedora 28 : php-symfony3 (2018-9c38d1dc1d)
3.4.14 (2018-08-01): security CVE-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas); security CVE-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas); bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in...
Fedora 28 : php-symfony (2018-9b54497b6e)
2.8.44 (2018-08-01): security CVE-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas); security CVE-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas); bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in...