Friendsofphp, most viewed

1697 matches found

Friends Of PHP
added 2026/05/20 8:0 a.m., 13 views

Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

More info at https://symfony.com/cve-2026-46640...

AI score: 5.8, EPSS: 0.00056
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2025/04/10 2:37 a.m., 13 views

SS-2025-001 - User enumeration via timing attack

More info at https://www.silverstripe.org/download/security-releases/ss-2025-001...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2025/04/10 2:37 a.m., 13 views

CVE-2025-25197 - XSS attack in elemental "Content blocks in use" report

More info at https://www.silverstripe.org/download/security-releases/cve-2025-25197...

CVSS: 5.4, AI score: 7.2, EPSS: 0.0025
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2025/03/18 9:27 a.m., 13 views

TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-002...

AI score: 6.8, EPSS: 0.0036
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2023/11/20 2:58 p.m., 13 views

TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...

AI score: 7.2, EPSS: 0.00598
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2023/07/30 11:41 p.m., 13 views

SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited from TinyMCE

More info at https://www.silverstripe.org/download/security-releases/SS-2023-002...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2021/09/16 6:9 p.m., 13 views

Regular expression Denial of Service

More info at https://typo3.org/security/advisory/typo3-ext-sa-2021-016...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2020/03/13 1:52 p.m., 13 views

XSS vulnerability in blade templating

More info at https://github.com/laravel/framework/pull/31945...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2020/01/01 4:15 p.m., 13 views

Disclosure of files via logo_path query parameter

Require version that checks mime type...

AI score: 3.9
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2406: Cross-Site Scripting via Payment Method Title

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 5.4, AI score: 7.2, EPSS: 0.00556
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2367: Remote code execution due to unsafe handling of a carrier gateway

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01714
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2417: Remote code execution via vulnerable Symphony dependency injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02455
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2449: Remote code execution via local file delete and XSLT injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01852
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2376: Remote code execution through crafted page layout and image data

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 8.8, AI score: 7.2, EPSS: 0.01919
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2272: XPath Injection via front end rendering functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01285
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2444: Missing logs of configuration changes related to design update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 4.9, AI score: 7.2, EPSS: 0.00964
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m., 13 views

PRODSECBUG-2464: Use of weak cryptographic function

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS: 5.3, AI score: 7.2, EPSS: 0.0092
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/09/24 4:51 p.m., 13 views

CVE-2019-12203: Session fixation in "change password" form

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12203/...

CVSS: 6.3, AI score: 7.2, EPSS: 0.0038
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/07/16 4:24 p.m., 13 views

Critical - Access bypass

More info at https://www.drupal.org/sa-core-2019-008...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01598
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/06/25 6:40 a.m., 13 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/06/25 6:39 a.m., 13 views

Arbitrary Code Execution and Cross-Site Scripting in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/06/25 12:0 a.m., 13 views

PRODSECBUG-2172: Insecure user credential storage

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00738
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/06/25 12:0 a.m., 13 views

PRODSECBUG-2322: Arbitrary code execution due to unsafe handling of a shipping gateway

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01438
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/06/25 12:0 a.m., 13 views

PRODSECBUG-2337: Stored cross-site scripting in the catalog templates form

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS: 5.4, AI score: 7.2, EPSS: 0.00566
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/06/25 12:0 a.m., 13 views

PRODSECBUG-2222: Deletion of user roles via cross-site request forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00439
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/05/07 9:43 a.m., 13 views

Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-010...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/03/28 1:34 p.m., 13 views

Information disclosure

More info at https://framework.zend.com/security/advisory/ZF2019-01...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/02/12 12:0 p.m., 13 views

Remote code execution

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

AI score: 0.8
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2019/01/22 8:41 a.m., 13 views

Arbitrary Code Execution via File List Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-008...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/12/20 4:16 p.m., 13 views

Credentials exposure in session storage

More info at https://simplesamlphp.org/security/201812-01...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/12/11 9:56 a.m., 13 views

Denial of Service in Online Media Asset Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/07/12 9:34 a.m., 13 views

Privilege Escalation & SQL Injection in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-003...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/07/12 9:34 a.m., 13 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/07/08 11:47 p.m., 13 views

CSRF vulnerability in the admin panel

More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/05/24 1:11 p.m., 13 views

SS-2018-006: Code execution vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2018-006/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2018/05/24 1:11 p.m., 13 views

SS-2018-012: Uploaded PHP script execution in assets

More info at https://www.silverstripe.org/download/security-releases/ss-2018-012/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/09/05 11:37 a.m., 13 views

Information Disclosure in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/06/28 2:13 p.m., 13 views

Invalid token creation and validation

More info at https://simplesamlphp.org/security/201708-01...

CVSS: 5.9, AI score: 7.2, EPSS: 0.0125
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/06/22 10:7 a.m., 13 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail2015.html...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/05/15 9:9 a.m., 13 views

Remote Code Execution

$highlight = Pygmentize::highlight'?php phpinfo;', ';uname -a '; printr$highlight; This will produce the following output: Darwin Micheals-MBP 16.1.0 Darwin Kernel Version 16.1.0: Thu Oct 13 21:26:57 PDT 2016; root:xnu-3789.21.360/RELEASEX8664 x8664 The problem lines appear to be here:...

AI score: 7
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/03/15 8:19 p.m., 13 views

Remote code execution

More info at https://www.drupal.org/SA-2017-001...

CVSS: 8.1, AI score: 7.2, EPSS: 0.03901
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/01/31 11:39 a.m., 13 views

SS-2017-001: XSS In page name

More info at https://www.silverstripe.org/download/security-releases/ss-2017-001/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2017/01/24 3:56 p.m., 13 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/11/22 10:9 a.m., 13 views

Path Traversal in TYPO3 Core

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/10/31 9:0 a.m., 13 views

Local File Inclusion Vulnerability

More info at https://hackerone.com/reports/179034...

AI score: 0.1
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/10/31 9:0 a.m., 13 views

Local File Inclusion Vulnerability

More info at https://hackerone.com/reports/179034...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/10/04 8:18 p.m., 13 views

Null reset codes were allowed

More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...

AI score: 0.3
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/09/27 8:6 a.m., 13 views

ImageMagick driver does not escape all shell arguments.

More info at https://fuelphp.com/security-advisories...

AI score: 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/08/30 10:37 a.m., 13 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/...

AI score: 0.6
Exploits: 0, Affected Software: 1
Friends Of PHP
added 2016/08/15 6:5 p.m., 13 views

SS-2016-007: VersionedRequestFilter vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2016-007/...

AI score: 7.2
Exploits: 0, Affected Software: 1
Total number of security vulnerabilities: 1697