symfony/ux-autocomplete XSS via unescaped AJAX response data
Description The Stimulus controller shipped with symfony/ux-autocomplete renders AJAX response items into the dropdown by interpolating the text field directly into HTML template literals $itemlabelField inside createAutocompleteWithRemoteData. The value is parsed as HTML rather than text, so any...
symfony/ux-live-component CSRF Protection Bypass: Accept Header is CORS-Safelisted
Description When using symfony/ux-live-component, methods annotated with LiveAction are invokable from the browser and mutate server-side state via AJAX. Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest gated these invocations on the presence of Accept:...
TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-004...
Cryptographic side-channels in PHPECC
ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...
Infinite Loop vulnerability
Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the vulnerable version as 2.x, however, the vulnerable functionality was not...
Cross-site Scripting in Semantic MediaWiki
More info at https://nvd.nist.gov/vuln/detail/CVE-2022-48614...
CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms
Description Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and,...
Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
More info at https://www.drupal.org/sa-core-2020-003...
Critical signature bypass
More info at https://simplesamlphp.org/security/201911-01...
PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2416: Using vulnerable component that provides abstraction of HTTP specification
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2418: SQL injection via marketing account with access to email templates variables
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2455: Stored cross-site scripting (XSS) from URL in to product page
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2452: User Password is stored in clear
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2405: Injection vulnerability via email templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2402: Cross-Site Scripting via Attribute Set Name
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2478: Broken authentication and session management
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
Circumvents open_basedir INI directive
ADVISORY: This release circumvents open_basedir in the request_init_hook. If you rely on the open_basedir INI directive, we highly recommend you upgrade to 0.30.2. Fixed - Shutdown span flushing blocking the process when forked 493 - Memory access errors in cases when PHP code was run after extensi...
PRODSECBUG-2125: Deletion of Blocks via cross-site request forgery (CSRF)
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2171: Insecure token implementation leads to Cross-Site Request Forgery (CSRF)
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2177: Insufficient server side validations leads to Insecure File upload vulnerability
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2375: Arbitrary code execution via malicious XML layouts
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2347: Insufficient brute-forcing defenses in the token exchange protocol could be abused in carding attacks
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2188: Stored cross-site scripting in the admin panel
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2266: Arbitrary code execution through malicious elastic search module configuration
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2276: Insecure Direct Object Reference (IDOR) vulnerability can expose order shipping details
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2285: Arbitrary code execution due to unsafe handling of a carrier gateway
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
CVE-2019-12149: Potential SQL injection in restfulserver and registry modules
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12149...
Denial of service
Make the world a bit safer...
$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'
More info at https://phabricator.wikimedia.org/T169545...
PHP Code Injection
phpWhois PHP Code Injection. Vulnerability Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
XSS in the url field on the password workspace grid and sidebar
More info at https://www.passbolt.com/incidents/20170914xssonresourceurls...
Access bypass
More info at https://www.drupal.org/SA-2017-002...
Editor module incorrectly checks access to inline private files
More info at https://www.drupal.org/SA-2017-001...
Arbitrary shell execution
Security Advisory - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for...
Insecure Unserialize in TYPO3 Backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/...
Cross-Site Scripting in third party library mso/idna-convert
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020...
XSS attack vector in Security Library method xss_clean()
More info at https://www.codeigniter.com/userguide/changelog.htmlversion-3-0-3...
Filesystem Permissions Issues in Multiple Components
More info at https://framework.zend.com/security/advisory/ZF2015-07...
Security Misconfiguration Vulnerability in various Doctrine projects
More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...
Security Misconfiguration Vulnerability in various Doctrine projects
More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...
Security Misconfiguration Vulnerability in various Doctrine projects
More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...
Direct access of prefixed controller actions
More info at https://bakery.cakephp.org/2015/08/06/cakephp2592610272released.html...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
Filter input to avoid XPath injection
In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white lists instead of black lists to allow only a...