Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component
More info at https://framework.zend.com/security/advisory/ZF2012-05...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Potential XSS in Development Environment Error View Script
More info at https://framework.zend.com/security/advisory/ZF2011-01...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...
XSS vector in Zend_Filter_StripTags
More info at https://framework.zend.com/security/advisory/ZF2009-02...
LFI vector in Zend_View::setScriptPath() and render()
More info at https://framework.zend.com/security/advisory/ZF2009-01...
Information disclosure
More info at https://simplesamlphp.org/security/201911-02...
Stored XSS on first/last name during setup
More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...
Cookie serialization vulnerability
More info at https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30...
Remote Code Execution via Chosen-Ciphertext Attack
https://github.com/titon/framework/blob/cbf44729173d3a83b91a2b0a217c6b3827512e44/src/Titon/Crypto/OpenSslCipher.hh#L30-L39 You aren't authenticating your ciphertexts, and then you're passing the decrypted result to unserialize. See also:...
Prevent installation typosquatting malware
More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...
CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
More info at https://symfony.com/cve-2026-48489...
CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
More info at https://symfony.com/cve-2024-50342...
Guard bypass in Eloquent models
More info at https://blog.laravel.com/security-release-laravel-61834-7232...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
More info at https://www.drupal.org/sa-core-2019-010...
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
More info at https://symfony.com/cve-2026-46634...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
More info at https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2...
Cross-site scripting (XSS) via script break-out in toScript() output
What's Changed: Escape HTML tags in toScript output to prevent script break-out by @freekmurze in https://github.com/spatie/schema-org/pull/242. Values containing </script> passed as schema properties could break out of the generated <script> block and execute injected HTML when the value was attacker-controlled...
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-013...
Missing check that a point is on the prime subgroup for Edwards25519
More info at https://00f.net/2025/12/30/libsodium-vulnerability...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on properties in the GraphQL ItemNormalizer: If you use something like #[ApiProperty(security: "is_granted('PROPERTY_READ', object, property)")] on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...
GraphQL query operations security can be bypassed
Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations: #[ApiResource(security: "is_granted('ROLE_USER')", operations: [/* ... */], graphQlOperations: [new...
EZSA-2020-005 Editor XSS and trashed drafts in review queue
More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...
Potentially sensitive data exposure
Impact: Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to not succeed...
SSTI Vulnerability
More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...
Cross-Site Scripting in Link Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...
Cross-Site Scripting in Form Framework validation handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...
EZSA-2019-007 Prevent accepting app.php in URL in Platform.sh
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-007-prevent-accepting-app.php-in-url-in-platform.sh...
EZSA-2019-006 Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud...
Vulnerability to bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively bypassing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...
PRODSECBUG-2339: Arbitrary code execution due to unsafe handling of a carrier gateway
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
EZSA-2019-002 Password reset vulnerability
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability...
Remote code execution
More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...
Cross-Site Scripting in Language Pack Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-004...
Broken Access Control in Localization Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...
Security Misconfiguration for Backend User Accounts
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-002...
Information Disclosure of Installed Extensions
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...
SS-2018-019: Possible denial of service attack vector when flushing
More info at https://www.silverstripe.org/download/security-releases/ss-2018-019/...
Cross-Site Scripting in Frontend User Login
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-008...
Cross-Site Scripting in Online Media Asset Rendering
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-006...
SUPEE-10975 - Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities
More info at https://magento.com/security/patches/supee-10975...
EZSA-2018-005 Passwordless login for LDAP users
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users...
Magento 2.2.6 and 2.1.15 Security update
More info at https://magento.com/security/patches/magento-2.2.6-and-2.1.15-security-update...
SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)
More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...
Adminer script versions up to 4.6.2 contain a file disclosure vulnerability
More info at https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability...
SS-2018-013: Passwords sent back to browsers under some circumstances
More info at https://www.silverstripe.org/download/security-releases/ss-2018-013/...
SS-2018-008: BackURL validation bypass with malformed URLs
More info at https://www.silverstripe.org/download/security-releases/ss-2018-008/...
SS-2018-005: isDev and isTest unguarded
More info at https://www.silverstripe.org/download/security-releases/ss-2018-005/...