Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•12 views

Broken Access Control in Localization Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/12 12:21 p.m.•12 views

SS-2018-020: Potential SQL vulnerability in PostgreSQL database connector

More info at https://www.silverstripe.org/download/security-releases/ss-2018-020/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/11/26 10:0 a.m.•12 views

SUPEE-10975 - Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-10975...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/12 9:34 a.m.•12 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/06/11 3:28 p.m.•12 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/04/16 5:23 p.m.•12 views

Crypt encryption compromised.

More info at https://fuelphp.com/security-advisories...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/15 5:25 p.m.•12 views

Incorrect header injection check

Security: Reject header injections correctly, see 4...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/06 4:4 p.m.•12 views

EZSA-2018-001 Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/30 9:58 p.m.•12 views

SS-2017-002: Member disclosure in login form

More info at https://www.silverstripe.org/download/security-releases/ss-2017-002/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/30 9:58 p.m.•12 views

SS-2017-004: XSS in page history comparison

More info at https://www.silverstripe.org/download/security-releases/ss-2017-004/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/30 11:55 a.m.•12 views

Missing state parameter in OAuth requests leading to CSRF vulnerability

More info at https://github.com/sensiolabs/connect/pull/63...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/01/19 8:19 a.m.•12 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

1.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/12/19 10:44 p.m.•12 views

Potential remote code execution in zend-mail via Sendmail adapter

More info at https://framework.zend.com/security/advisory/ZF2016-04...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/09/27 8:6 a.m.•12 views

ImageMagick driver does not escape all shell arguments.

More info at https://fuelphp.com/security-advisories...

0.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/19 1:3 p.m.•12 views

Insecure Unserialize in TYPO3 Import/Export

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/05/11 11:9 a.m.•12 views

SS-2016-004: XSS in CMS Edit Page

More info at https://www.silverstripe.org/download/security-releases/ss-2016-004/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/04/12 12:7 p.m.•12 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/12/15 11:38 a.m.•12 views

Cross-Site Scripting in TYPO3 component Indexed Search

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/09/14 10:38 a.m.•12 views

SS-2015-017: Forum Module CSRF Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-017/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/23 1:53 p.m.•12 views

Insecure state generation

More info at https://github.com/laravel/socialite/pull/91...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/01 2:16 p.m.•12 views

Brute Force Protection Bypass in backend login

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/25 2:52 p.m.•12 views

SS-2015-012: External redirection risk in Security?ReturnURL

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-012/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/28 6:24 p.m.•12 views

Privilege Escalation in TYPO3 Neos

More info at https://www.neos.io/blog/neos-sa-2015-001.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/20 2:57 p.m.•12 views

SS-2015-009: XSS In rewritten hash links

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/20 12:10 p.m.•12 views

SS-2014-015: IE requests not properly behaving with rewritehashlinks

More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/19 4:54 p.m.•12 views

SS-2015-008: SiteTree Creation Permission Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/10 7:41 a.m.•12 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/12 3:55 p.m.•12 views

SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-004/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/12 3:55 p.m.•12 views

SS-2015-005: VirtualPage XSS

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-005/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/12/10 10:7 a.m.•12 views

Possible cache poisining on the homepage when anchors are used

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/04 12:28 p.m.•12 views

Entropy is lost in the TokenGenerator

More info at https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/06/11 1:46 p.m.•12 views

Potential SQL injection in the ORDER implementation of Zend_Db_Select

More info at https://framework.zend.com/security/advisory/ZF2014-04...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/02/26 4:2 p.m.•12 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/02/26 4:2 p.m.•12 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/03/13 3:5 p.m.•12 views

Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components

More info at https://framework.zend.com/security/advisory/ZF2013-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/12/18 4:17 p.m.•12 views

Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component

More info at https://framework.zend.com/security/advisory/ZF2012-05...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/08/27 7:17 p.m.•12 views

Security fixes related to the way XML is handled

More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/07/10 12:35 p.m.•12 views

Fixed the user refreshing to check the identity by primary key instead of username

Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/06/13 5:24 p.m.•12 views

Potential XSS in Development Environment Error View Script

More info at https://framework.zend.com/security/advisory/ZF2011-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2009/02/27 9:0 a.m.•12 views

XSS vector in Zend_Filter_StripTags

More info at https://framework.zend.com/security/advisory/ZF2009-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2009/02/13 2:43 p.m.•12 views

LFI vector in Zend_View::setScriptPath() and render()

More info at https://framework.zend.com/security/advisory/ZF2009-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Prevent installation typosquatting malware

More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

More info at https://symfony.com/cve-2026-46629...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Information disclosure

More info at https://simplesamlphp.org/security/201911-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Vulnerability to bypass two-factor authentication with remember-me option

Bundle version: 4.10.0 Symfony version: 3.4.31 Description Bypass 2fa by rememberme cookie To Reproduce We have a login form with rememberme checkbox functionality, When using the checkbox, symfony creates a cookie "REMEMBERME". That moment we get redirected to the 2fa-auth page. We have no acces...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2024-50342...

4.3CVSS6.6AI score0.00481EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/06/09 9:6 a.m.•11 views

TYPO3-CORE-SA-2026-019: Broken Access Control in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-019...

7.6CVSS5.4AI score0.00238EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702