Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2012/09/23 10:11 a.m.•30 views

DOS attack in FOSUserBundle login form

More info at https://symfony.com/cve-2013-5750...

5CVSS7.2AI score0.01232EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

More info at https://www.drupal.org/sa-core-2020-009...

6.1CVSS7.2AI score0.00681EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

More info at https://www.drupal.org/sa-core-2019-005...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

More info at https://www.drupal.org/sa-core-2020-012...

8.8CVSS7.2AI score0.04269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

Moderately critical - Cross Site Scripting

More info at https://www.drupal.org/sa-core-2018-003...

6.1CVSS9.7AI score0.0178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

8.1CVSS7.2AI score0.01338EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-004...

9.8CVSS7.2AI score0.99236EPSS
Exploits14Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/03/02 12:31 a.m.•29 views

phpseclib does not properly limit the ASN1 OID length

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...

7.5CVSS6.9AI score0.00569EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/08/16 10:5 a.m.•29 views

TYPO3-EXT-SA-2023-007: Broken Access Control in extension "hCaptcha for EXT:form" (hcaptcha)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-007...

5CVSS6.5AI score0.00515EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/06/09 10:36 a.m.•29 views

TYPO3-EXT-SA-2023-004: Cross-Site Scripting in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-004...

6.3CVSS7.2AI score0.00341EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/04/25 11:30 p.m.•29 views

CVE-2023-22729 - Open redirect vulnerability on CMSSecurity relogin screen

More info at https://www.silverstripe.org/download/security-releases/cve-2023-22729...

6.1CVSS7.2AI score0.00419EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/03/28 7:41 p.m.•29 views

Cross site scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

7.1CVSS7AI score0.01025EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/02/21 8:31 a.m.•29 views

TYPO3-EXT-SA-2023-002: Persisted Cross-Site Scripting in extension "Forms Export" (frp_form_answers)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-002...

5.8CVSS6.2AI score0.00424EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/02/01 8:0 a.m.•29 views

CVE-2022-24894: Prevent storing cookie headers in HttpCache

More info at https://symfony.com/cve-2022-24894...

8.8CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/09/13 8:6 a.m.•29 views

TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...

6.5CVSS7.2AI score0.0072EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/09/13 7:28 a.m.•29 views

GHSA-47m6-46mj-p235: By-passing Cross-Site Scripting Protection in HTML Sanitizer

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 Problem Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanis...

6.1CVSS5.8AI score0.00633EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/07/25 7:29 p.m.•29 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.

Description Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from...

5.8CVSS5.8AI score0.00615EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/07/20 6:0 p.m.•29 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

More info at https://www.drupal.org/sa-core-2022-014...

7.2CVSS7.2AI score0.01422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/01/29 12:0 p.m.•29 views

CVE-2022-23601: CSRF token missing in forms

More info at https://symfony.com/cve-2022-23601...

8.8CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/06/07 10:31 p.m.•29 views

CVE-2020-26138 FormField: with square brackets in field name skips validation

More info at https://www.silverstripe.org/download/security-releases/cve-2020-26138...

5.3CVSS7.2AI score0.01341EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/14 2:37 p.m.•29 views

Improper Certificate Validation in WP-CLI framework

Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...

9.1CVSS8.5AI score0.01312EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/12 8:0 a.m.•29 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3CVSS5.7AI score0.01712EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:59 a.m.•29 views

TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-004...

5.4CVSS5.8AI score0.00872EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 8:50 a.m.•29 views

TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-011...

8.1CVSS7.2AI score0.00666EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•29 views

Directory Traversal on ZIP extraction

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-024...

7.2CVSS7.2AI score0.01452EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•29 views

PRODSECBUG-2405: Injection vulnerability via email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00902EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2478: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.01168EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•29 views

PRODSECBUG-2190: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•29 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•29 views

Exposed suppressed username or log in Special:EditTags

More info at https://phabricator.wikimedia.org/T222036...

6.5CVSS7.2AI score0.0141EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:33 a.m.•29 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1CVSS7.2AI score0.00966EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 11:46 a.m.•29 views

CVE-2018-11406: CSRF Token Fixation

More info at https://symfony.com/cve-2018-11406...

8.8CVSS7.2AI score0.00761EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 11:46 a.m.•29 views

CVE-2018-11385: Session Fixation Issue for Guard Authentication

More info at https://symfony.com/cve-2018-11385...

8.1CVSS7.2AI score0.02014EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/01/22 8:41 a.m.•29 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

7.5CVSS7.2AI score0.02859EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:12 p.m.•29 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

5.9CVSS7.2AI score0.01472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/06/15 8:59 p.m.•29 views

Views can allow unauthorized users to see Statistics information

More info at https://www.drupal.org/SA-CORE-2016-002...

5.3CVSS7.2AI score0.02212EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/01/14 9:48 a.m.•29 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

7.5CVSS7.2AI score0.01907EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/10 3:41 a.m.•29 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/12/10 10:7 a.m.•29 views

Possible link spoofing on the homepage when anchors are used

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...

4.3CVSS7.2AI score0.01724EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/16 10:0 p.m.•29 views

SQL injection vector when manually quoting values for sqlsrv extension, using null byte

More info at https://framework.zend.com/security/advisory/ZF2014-06...

9.8CVSS7.2AI score0.0255EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Unguarded calls to __toString() when nesting an object into an array

More info at https://symfony.com/blog/cve-2024-51754-unguarded-calls-to-tostring-in-a-sandbox-when-an-object-is-in-an-array-or-an-argument-list...

2.2CVSS5.9AI score0.0044EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

CVE-2018-14773: Remove support for legacy and risky HTTP headers

More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...

6.5CVSS7.2AI score0.58061EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

5.8AI score0.00029EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003

More info at https://www.drupal.org/sa-core-2021-003...

6.1CVSS7.2AI score0.03189EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

More info at https://www.drupal.org/sa-core-2020-002...

6.1CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Critical - Arbitrary PHP code execution

More info at https://www.drupal.org/sa-core-2019-002...

9.8CVSS7.2AI score0.33228EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

More info at https://www.drupal.org/sa-core-2021-002...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Total number of security vulnerabilities1702