Lucene search
K

12 matches found

CVE
CVE
added yesterday20 views

CVE-2026-48747

Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...

6.3CVSS6.1AI score0.00018EPSS
Exploits0References4
CVE
CVE
added yesterday24 views

CVE-2026-47212

Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References5
CVE
CVE
added yesterday12 views

CVE-2026-45755

The CVE-2026-45755 issue affects Symfony’s Mailtrap Mailer Bridge (package symfony/mailtrap-mailer). The MailtrapRequestParser::doParse() method accepts the webhook payload using a configured secret but does not verify the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to forg...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:33 p.m.20 views

Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

6.9CVSS5.8AI score0.00026EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-44546

Name of the Vulnerable Software and Affected Versions Symfony Webhook Bridges versions prior to 6.4 Symfony Webhook Bridges versions prior to 7.4 Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge contain webhook request parsers that fail to authenticate event callbacks. The...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References21
Snyk
Snyk
added 2026/05/20 3:35 p.m.11 views

Missing Authentication for Critical Function

Overview symfony/twilio-notifier is a Symfony Twilio Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the notifier bridge. An attacker can submit forged webhook status events because the pars...

6.9CVSS5.7AI score0.00026EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 6:30 p.m.1 views

CVE-2026-42231 n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

9.4CVSS7.9AI score0.00851EPSS
Exploits1References3
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.8 views

CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45755...

6.9CVSS5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

6.3CVSS5.8AI score0.00018EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

6.9CVSS5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

6.9CVSS5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

6.3CVSS5.8AI score0.00018EPSS
Exploits0Affected Software1
Rows per page
Query Builder