1702 matches found

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 18 views

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

6.1 CVSS • 7.2 AI score • 0.00959 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 18 views

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...

3.1 CVSS • 6.6 AI score • 0.00318 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 18 views

SQL injection vulnerability in the file manager search filter

More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...

9.8 CVSS • 7.2 AI score • 0.01462 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2024/09/09 8:51 a.m. • 17 views

Possible sandbox bypass

More info at https://symfony.com/blog/twig-security-release-possible-sandbox-bypass...

8.6 CVSS • 6.7 AI score • 0.00826 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2024/07/17 12:24 a.m. • 17 views

CVE-2024-29885 - Reports are still accessible even when canView is set to false

More info at https://www.silverstripe.org/download/security-releases/cve-2024-29885...

4.3 CVSS • 6.8 AI score • 0.00404 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2023/10/04 9:43 a.m. • 17 views

TYPO3-EXT-SA-2023-008: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-008...

7.2 AI score • 0.01077 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2022/12/13 11:23 a.m. • 17 views

TYPO3-EXT-SA-2022-016: Insufficient Session Expiration after Password Change in extension "Change password for frontend users" (fe_change_pwd)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-016...

7.5 CVSS • 9 AI score • 0.00441 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2022/12/13 10:32 a.m. • 17 views

TYPO3-EXT-SA-2022-017: Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-017...

9.1 CVSS • 7.2 AI score • 0.00651 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2022/05/25 11:11 a.m. • 17 views

CVE-2022-29254 - Failed payment recorded has completed

More info at https://www.silverstripe.org/download/security-releases/cve-2022-29254...

6.5 CVSS • 7.2 AI score • 0.00618 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2022/02/04 8:13 a.m. • 17 views

Possible SQL injection in widget field value

Description. Impact: The currently selected widget values were not correctly sanitized before being passed to the database, leading to an SQL injection possibility. Patches: The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information: If you have any questions ...

0.6 AI score
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2021/09/28 7:36 p.m. • 17 views

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Impact: Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users...

4.4 CVSS • 4.4 AI score • 0.00199 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2021/05/12 8:0 a.m. • 17 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3 CVSS • 5.7 AI score • 0.01712 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2020/09/24 1:38 a.m. • 17 views

Unescaped message used in HTML within LogEventsList

More info at https://phabricator.wikimedia.org/T256171...

6.1 CVSS • 7.2 AI score • 0.01104 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2020/05/04 2:50 p.m. • 17 views

Insecure default secret key and IV allowing anyone to decrypt values

This issue has been deleted...

2.8 AI score
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/12/05 4:2 p.m. • 17 views

Possible to circumvent title-blacklist

More info at https://phabricator.wikimedia.org/T239466...

6.1 CVSS • 7.2 AI score • 0.01564 EPSS
Exploits 1 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2423: Cross-Site Scripting via inventory source

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2410: Cross-Site Scripting via Dynamic block in the Page builder

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2407: Remote code execution due to unsafe PHP archive deserialization in the import functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2 CVSS • 7.2 AI score • 0.0238 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8 CVSS • 7.2 AI score • 0.02474 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2489: Cross-site scripting during the preview of email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/10/08 12:0 a.m. • 17 views

PRODSECBUG-2309: Server-side request forgery via crafted connector endpoint

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2 CVSS • 7.2 AI score • 0.01714 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2190: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8 CVSS • 7.2 AI score • 0.00557 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2193: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8 CVSS • 7.2 AI score • 0.00557 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2306: Remote code execution through crafted email templates

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2 CVSS • 7.2 AI score • 0.02137 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2226: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8 CVSS • 7.2 AI score • 0.00557 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2164: Use of cryptographically weak PRNG to create gift card codes

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.3 CVSS • 7.2 AI score • 0.0097 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2173: Path traversal vulnerability in WYSIWYG editor.

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5 CVSS • 7.2 AI score • 0.01454 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/06/25 12:0 a.m. • 17 views

PRODSECBUG-2273: Sensitive data disclosure through malicious email templates

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5 CVSS • 7.2 AI score • 0.0095 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/05/07 9:42 a.m. • 17 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

7.2 AI score
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2019/05/07 9:33 a.m. • 17 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1 CVSS • 7.2 AI score • 0.00955 EPSS
Exploits 1 • Affected Software 1

Friends Of PHP
• added 2018/11/06 11:52 a.m. • 17 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

6.1 CVSS • 7.2 AI score • 0.01485 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2018/09/14 3:26 p.m. • 17 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

I'm afraid this change is wrong. fileexists is not the only...

7.5 CVSS • 2.9 AI score • 0.26172 EPSS
Exploits 7 • Affected Software 1

Friends Of PHP
• added 2018/05/25 12:12 p.m. • 17 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8 CVSS • 7.2 AI score • 0.02345 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2018/05/25 11:46 a.m. • 17 views

CVE-2018-11408: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2018-11408...

6.1 CVSS • 7.2 AI score • 0.01139 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2017/04/19 4:7 p.m. • 17 views

Access bypass

More info at https://www.drupal.org/SA-2017-002...

7.5 CVSS • 7.2 AI score • 0.01606 EPSS
Exploits 1 • Affected Software 1

Friends Of PHP
• added 2016/11/16 6:45 p.m. • 17 views

Inconsistent name for term access query

More info at https://www.drupal.org/SA-CORE-2016-005...

4.3 CVSS • 7.2 AI score • 0.01957 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2016/11/16 6:45 p.m. • 17 views

Denial of service via transliterate mechanism

More info at https://www.drupal.org/SA-CORE-2016-005...

6.5 CVSS • 7.2 AI score • 0.01719 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2015/11/23 11:45 a.m. • 17 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

7.5 CVSS • 7.2 AI score • 0.02545 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2015/09/15 3:50 p.m. • 17 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.8 CVSS • 7.2 AI score • 0.00384 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2015/08/31 12:59 p.m. • 17 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8 CVSS • 7.2 AI score • 0.00384 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2014/09/03 7:40 a.m. • 17 views

Direct access of ESI URLs behind a trusted proxy

More info at https://symfony.com/cve-2014-5245...

7.2 AI score • 0.00812 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2014/09/03 7:37 a.m. • 17 views

Denial of service with a malicious HTTP Host header

More info at https://symfony.com/cve-2014-5244...

7.2 AI score • 0.01663 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2013/04/08 1:16 p.m. • 17 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

0.4 AI score
Exploits 0 • Affected Software 1

Friends Of PHP
• added 2012/12/19 9:59 a.m. • 17 views

Code execution vulnerability via the "internal" routes

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.8 CVSS • 7.2 AI score • 0.01173 EPSS
Exploits 0 • Affected Software 1

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 17 views

PHP Code Injection

phpWhois PHP Code Injection. Vulnerability Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...

7.5 CVSS • 9.7 AI score • 0.06195 EPSS
Exploits 1 • Affected Software 1

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 17 views

Code injection vulnerability in allSelectors()

More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...

7.5 CVSS • 9 AI score • 0.55084 EPSS
Exploits 4 • Affected Software 1

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 17 views

Padding Oracle Vulnerability in RSA Encryption

See https://framework.zend.com/security/advisory/ZF2015-10, it's essentially the same vulnerability.

2.8 AI score
Exploits 0 • Affected Software 1

Friends Of PHP
• added 1970/01/01 12:0 a.m. • 17 views

PHP Code Injection

phpWhois PHP Code Injection. Vulnerability Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8 CVSS • 9.7 AI score • 0.06195 EPSS
Exploits 1 • Affected Software 1

Total number of security vulnerabilities: 1702