1702 matches found
Broken Access Control in Localization Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...
SS-2018-020: Potential SQL vulnerability in PostgreSQL database connector
More info at https://www.silverstripe.org/download/security-releases/ss-2018-020/...
SUPEE-10975 - Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
More info at https://magento.com/security/patches/supee-10975...
Insecure Deserialization in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...
URL Rewrite vulnerability
More info at https://framework.zend.com/security/advisory/ZF2018-01...
Crypt encryption compromised.
More info at https://fuelphp.com/security-advisories...
Incorrect header injection check
Security: Reject header injections correctly, see 4...
EZSA-2018-001 Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features...
SS-2017-002: Member disclosure in login form
More info at https://www.silverstripe.org/download/security-releases/ss-2017-002/...
SS-2017-004: XSS in page history comparison
More info at https://www.silverstripe.org/download/security-releases/ss-2017-004/...
Missing state parameter in OAuth requests leading to CSRF vulnerability
More info at https://github.com/sensiolabs/connect/pull/63...
Remote Code Execution Vulnerability
More info at https://community.shopware.com/detail1989.html...
Potential remote code execution in zend-mail via Sendmail adapter
More info at https://framework.zend.com/security/advisory/ZF2016-04...
ImageMagick driver does not escape all shell arguments.
More info at https://fuelphp.com/security-advisories...
Insecure Unserialize in TYPO3 Import/Export
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015...
SS-2016-004: XSS in CMS Edit Page
More info at https://www.silverstripe.org/download/security-releases/ss-2016-004/...
Authentication Bypass in TYPO3 CMS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/...
Cross-Site Scripting in TYPO3 component Indexed Search
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/...
SS-2015-017: Forum Module CSRF Vulnerability
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-017/...
Insecure state generation
More info at https://github.com/laravel/socialite/pull/91...
Brute Force Protection Bypass in backend login
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/...
SS-2015-012: External redirection risk in Security?ReturnURL
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-012/...
Privilege Escalation in TYPO3 Neos
More info at https://www.neos.io/blog/neos-sa-2015-001.html...
SS-2015-009: XSS In rewritten hash links
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/...
SS-2014-015: IE requests not properly behaving with rewritehashlinks
More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/...
SS-2015-008: SiteTree Creation Permission Vulnerability
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/...
Critical vulnerabilities in JSON Web Token libraries
More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...
SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-004/...
SS-2015-005: VirtualPage XSS
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-005/...
Possible cache poisining on the homepage when anchors are used
More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...
Entropy is lost in the TokenGenerator
More info at https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost...
Potential SQL injection in the ORDER implementation of Zend_Db_Select
More info at https://framework.zend.com/security/advisory/ZF2014-04...
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
More info at https://framework.zend.com/security/advisory/ZF2014-01...
Potential XSS vector in multiple view helpers
More info at https://framework.zend.com/security/advisory/ZF2014-03...
Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components
More info at https://framework.zend.com/security/advisory/ZF2013-02...
Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component
More info at https://framework.zend.com/security/advisory/ZF2012-05...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Fixed the user refreshing to check the identity by primary key instead of username
Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...
Potential XSS in Development Environment Error View Script
More info at https://framework.zend.com/security/advisory/ZF2011-01...
XSS vector in Zend_Filter_StripTags
More info at https://framework.zend.com/security/advisory/ZF2009-02...
LFI vector in Zend_View::setScriptPath() and render()
More info at https://framework.zend.com/security/advisory/ZF2009-01...
Prevent installation typosquatting malware
More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...
Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments
More info at https://symfony.com/cve-2026-46629...
Information disclosure
More info at https://simplesamlphp.org/security/201911-02...
Vulnerability to bypass two-factor authentication with remember-me option
Bundle version: 4.10.0 Symfony version: 3.4.31 Description Bypass 2fa by rememberme cookie To Reproduce We have a login form with rememberme checkbox functionality, When using the checkbox, symfony creates a cookie "REMEMBERME". That moment we get redirected to the 2fa-auth page. We have no acces...
Guard bypass in Eloquent models
More info at https://blog.laravel.com/security-release-laravel-61834-7232...
Cookie serialization vulnerability
More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
More info at https://symfony.com/cve-2024-50342...
TYPO3-CORE-SA-2026-019: Broken Access Control in Form Framework
More info at https://typo3.org/security/advisory/typo3-core-sa-2026-019...