1702 matches found
Insecure Unserialize Vulnerability in FLOW3
More info at https://www.neos.io/blog/flow-sa-2012-001.html...
Potential XSS vector in Zend_Filter_StripTags when comments allowed
More info at https://framework.zend.com/security/advisory/ZF2010-03...
CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
More info at https://symfony.com/cve-2026-45066...
CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
More info at https://symfony.com/cve-2026-45071...
CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
More info at https://symfony.com/cve-2026-45066...
Stored XSS in tags autocomplete dropdown
More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...
Tabnabbing when opening URI with menu "Open URI in a new tab"
More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...
Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
More info at https://www.drupal.org/sa-core-2020-001...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
More info at https://www.drupal.org/sa-core-2020-013...
Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
More info at https://www.drupal.org/sa-core-2019-011...
CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
More info at https://symfony.com/cve-2026-48736...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
More info at https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2...
CVE-2026-24749 - DBFile permission bypass
More info at https://www.silverstripe.org/download/security-releases/cve-2026-24749...
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-013...
GraphQL query operations security can be bypassed
Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...
SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message
More info at https://www.silverstripe.org/download/security-releases/ss-2024-002...
Regular expression Denial of Service
More info at https://typo3.org/security/advisory/typo3-ext-sa-2021-016...
Header leakage on cross-domain redirects
This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...
EZSA-2020-004 Object Injection in SiteAccessMatchListener
More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...
SSTI Vulnerability
More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...
Disclosure of files via logo_path query parameter
Require version that checks mime type...
Cross-Site Scripting in Filelist Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...
Arbitrary Code Execution and Cross-Site Scripting in Backend API
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...
Information Disclosure in User Authentication
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-010...
Information disclosure
More info at https://framework.zend.com/security/advisory/ZF2019-01...
Cross-Site Scripting in Fluid ViewHelpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...
Denial of Service in Online Media Asset Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...
Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)
See https://twitter.com/CiPHPerCoder/status/1050427719941525504 for discussion...
Action case insensitivity
Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...
Privilege Escalation & SQL Injection in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-003...
Insecure Deserialization in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...
CSRF vulnerability in the admin panel
More info at https://sylius.com/blog/csrf-vulnerability-in-admin-panel/...
Incorrect header injection check
Security: Reject header injections correctly, see 4...
Non-Persistent XSS
More info at https://community.shopware.com/detail2048.html...
Invalid token creation and validation
More info at https://simplesamlphp.org/security/201708-01...
Flow Bugfix Releases for Entity Security
More info at https://www.neos.io/blog/flow-bugfix-releases-for-entity-security.html...
Security fix for Flow Swift Mailer package
More info at https://www.neos.io/blog/flow-sa-2017-01.html...
Security fix for Flow Swift Mailer package
More info at https://www.neos.io/blog/flow-sa-2017-01.html...
Null reset codes were allowed
More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...
ImageMagick driver does not escape all shell arguments.
More info at https://fuelphp.com/security-advisories...
Arbitrary File Disclosure in Form Component
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-010/...
Denial of Service attack possibility in TYPO3 component Indexed Search
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/...
SS-2015-028: Missing security check on dev/build/defaults
More info at https://www.silverstripe.org/download/security-releases/ss-2015-028/...
Cross-Site Scripting in link validator component
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/...
Cross-Site Scripting vulnerability in typolinks
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/...
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
More info at https://symfony.com/cve-2015-8124...
Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
More info at https://framework.zend.com/security/advisory/ZF2015-08...
Frontend: Unauthenticated Path Disclosure
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/...
SS-2015-011: Potential SQL Injection Vulnerability
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-011/...