Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2012/03/28 9:32 a.m.14 views

Insecure Unserialize Vulnerability in FLOW3

More info at https://www.neos.io/blog/flow-sa-2012-001.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2010/01/08 5:31 p.m.14 views

Potential XSS vector in Zend_Filter_StripTags when comments allowed

More info at https://framework.zend.com/security/advisory/ZF2010-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

More info at https://symfony.com/cve-2026-45066...

5.8AI score0.00048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

More info at https://symfony.com/cve-2026-45071...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

More info at https://symfony.com/cve-2026-45066...

5.8AI score0.00048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Stored XSS in tags autocomplete dropdown

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Tabnabbing when opening URI with menu "Open URI in a new tab"

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001

More info at https://www.drupal.org/sa-core-2020-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

More info at https://www.drupal.org/sa-core-2020-013...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011

More info at https://www.drupal.org/sa-core-2019-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/26 8:0 a.m.13 views

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

5.8AI score0.00029EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.13 views

CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/13 7:0 a.m.13 views

Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

More info at https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/04/16 2:30 a.m.13 views

CVE-2026-24749 - DBFile permission bypass

More info at https://www.silverstripe.org/download/security-releases/cve-2026-24749...

5.3CVSS5.7AI score0.00398EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/04/07 10:50 a.m.13 views

TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-013...

9.2CVSS5.8AI score0.02306EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/04/03 3:2 p.m.13 views

GraphQL query operations security can be bypassed

Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...

7.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/01/14 9:23 p.m.13 views

SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message

More info at https://www.silverstripe.org/download/security-releases/ss-2024-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/09/16 6:9 p.m.13 views

Regular expression Denial of Service

More info at https://typo3.org/security/advisory/typo3-ext-sa-2021-016...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/06/16 8:55 p.m.13 views

Header leakage on cross-domain redirects

This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/20 4:45 p.m.13 views

EZSA-2020-004 Object Injection in SiteAccessMatchListener

More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/04/28 6:8 p.m.13 views

SSTI Vulnerability

More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...

0.3AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/01/01 4:15 p.m.13 views

Disclosure of files via logo_path query parameter

Require version that checks mime type...

3.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/17 9:50 a.m.13 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 6:39 a.m.13 views

Arbitrary Code Execution and Cross-Site Scripting in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/07 9:43 a.m.13 views

Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/03/28 1:34 p.m.13 views

Information disclosure

More info at https://framework.zend.com/security/advisory/ZF2019-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/01/22 8:41 a.m.13 views

Cross-Site Scripting in Fluid ViewHelpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:56 a.m.13 views

Denial of Service in Online Media Asset Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/31 12:19 p.m.13 views

Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)

See https://twitter.com/CiPHPerCoder/status/1050427719941525504 for discussion...

5CVSS6.1AI score0.01868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/02 12:1 a.m.13 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.13 views

Privilege Escalation & SQL Injection in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.13 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/08 11:47 p.m.13 views

CSRF vulnerability in the admin panel

More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/03/15 5:25 p.m.13 views

Incorrect header injection check

Security: Reject header injections correctly, see 4...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/01/22 12:30 p.m.13 views

Non-Persistent XSS

More info at https://community.shopware.com/detail2048.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/06/28 2:13 p.m.13 views

Invalid token creation and validation

More info at https://simplesamlphp.org/security/201708-01...

5.9CVSS7.2AI score0.0125EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/04/12 5:0 p.m.13 views

Flow Bugfix Releases for Entity Security

More info at https://www.neos.io/blog/flow-bugfix-releases-for-entity-security.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/01/06 5:0 p.m.13 views

Security fix for Flow Swift Mailer package

More info at https://www.neos.io/blog/flow-sa-2017-01.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/01/06 5:0 p.m.13 views

Security fix for Flow Swift Mailer package

More info at https://www.neos.io/blog/flow-sa-2017-01.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/10/04 8:18 p.m.13 views

Null reset codes were allowed

More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...

0.3AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/09/27 8:6 a.m.13 views

ImageMagick driver does not escape all shell arguments.

More info at https://fuelphp.com/security-advisories...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/04/12 12:7 p.m.13 views

Arbitrary File Disclosure in Form Component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-010/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/23 12:28 p.m.13 views

Denial of Service attack possibility in TYPO3 component Indexed Search

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/17 5:55 p.m.13 views

SS-2015-028: Missing security check on dev/build/defaults

More info at https://www.silverstripe.org/download/security-releases/ss-2015-028/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/16 12:32 p.m.13 views

Cross-Site Scripting in link validator component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/12/15 11:38 a.m.13 views

Cross-Site Scripting vulnerability in typolinks

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 11:45 a.m.13 views

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

More info at https://symfony.com/cve-2015-8124...

6.8CVSS7.2AI score0.02712EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/15 3:50 p.m.13 views

Potential SQL injection vector using null byte for PDO (MsSql, SQLite)

More info at https://framework.zend.com/security/advisory/ZF2015-08...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/08 10:57 a.m.13 views

Frontend: Unauthenticated Path Disclosure

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/25 10:52 a.m.13 views

SS-2015-011: Potential SQL Injection Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-011/...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702