1702 matches found
TYPO3-CORE-SA-2026-007: Broken Access Control in File Abstraction Layer
More info at https://typo3.org/security/advisory/typo3-core-sa-2026-007...
JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...
PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...
symfony/ux-live-component XSS via attacker-controlled child component tag
Description Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the $childTag argument directly into the HTML output as a tag name, without escaping or validation. The value originates from client-controlled JSON childrenid.tag parsed by LiveComponentSubscriber an...
SQL Injection in extension "News system" (news)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-010...
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...
TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...
Argument injection via newline in PHP INI values forwarded to child processes
Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...
GraphQL query operations security can be bypassed
Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...
Regular expression Denial of Service
More info at https://typo3.org/security/advisory/typo3-ext-sa-2021-002...
Potentially sensitive data exposure
Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to not succeed...
Disclosure of files via logo_path query parameter
Require version that checks mime type...
Cross-Site Scripting in Form Framework validation handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...
Possible Insecure Deserialization in Extbase Request Handling
More info at https://typo3.org/security/advisory/typo3-psa-2019-011...
Arbitrary Code Execution and Cross-Site Scripting in Backend API
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...
Information Disclosure Security Note
More info at https://www.neos.io/blog/neos-workspace-disclosure-security.html...
EZSA-2019-002 Password reset vulnerability
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability...
Remote code execution
More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...
Cross-Site Scripting in Language Pack Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-004...
Cross-Site Scripting in Language Pack Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-004...
Broken Access Control in Localization Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...
Security Misconfiguration for Backend User Accounts
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-002...
Information Disclosure of Installed Extensions
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...
Cross-Site Scripting in Frontend User Login
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-008...
Cross-Site Scripting in Online Media Asset Rendering
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-006...
EZSA-2018-006 XSS vulnerability in 'disabled module' error template
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template...
EZSA-2018-005 Passwordless login for LDAP users
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users...
Magento 2.2.6 and 2.1.15 Security update
More info at https://magento.com/security/patches/magento-2.2.6-and-2.1.15-security-update...
Adminer script versions up to 4.6.2 contains file disclosure vulnerability
More info at https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability...
SS-2018-005: isDev and isTest unguarded
More info at https://www.silverstripe.org/download/security-releases/ss-2018-005/...
SS-2018-008: BackURL validation bypass with malformed URLs
More info at https://www.silverstripe.org/download/security-releases/ss-2018-008/...
SS-2018-013: Passwords sent back to browsers under some circumstances
More info at https://www.silverstripe.org/download/security-releases/ss-2018-013/...
XSS in some development error pages
More info at https://bakery.cakephp.org/2018/05/20/cakephp36435173414released.html...
SS-2018-011: SQL injection vulnerability
More info at https://www.silverstripe.org/download/security-releases/ss-2018-011/...
SQL injection possible with limit() on MySQL
The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: php UserQuery::create-limit'1;DROP TABLE users'-find; This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...
SS-2017-008: SQL injection in full text search of SilverStripe 4
More info at https://www.silverstripe.org/download/security-releases/ss-2017-008/...
SS-2017-009: Users inadvertently passing sensitive data to LoginAttempt
More info at https://www.silverstripe.org/download/security-releases/ss-2017-009/...
Cross-Site Scripting in TYPO3 CMS Backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/...
Missing state parameter in OAuth requests leading to CSRF vulnerability
No description provided...
Flow Bugfix Releases for Entity Security
More info at https://www.neos.io/blog/flow-bugfix-releases-for-entity-security.html...
Authentication Bypass in TYPO3 Frontend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-002/...
SUPEE-9652 - Remote Code Execution using mail vulnerability
More info at https://magento.com/security/patches/supee-9652...
Time-Based Information Disclosure Vulnerability in Flow
More info at https://www.neos.io/blog/flow-sa-2016-001.html...
Time-Based Information Disclosure Vulnerability in Flow
More info at https://www.neos.io/blog/flow-sa-2016-001.html...
Cross-Site Scripting in TYPO3 Backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021...
Potential Insufficient Entropy Vulnerability in ZF1
More info at https://framework.zend.com/security/advisory/ZF2016-01...
Uses insecure CSPRNG (openssl_random_pseudo_bytes())
It's not fork safe - In most versions of PHP, it lies about being secure - And today I learned that OpenSSL, by default i.e. unchangable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: - Release a new version v1.3.0 or most likely v2.0.0 that...
Cross-Site Scripting in TYPO3 component CSS styled content
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/...
XML External Entity (XXE) Processing in TYPO3 Core
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/...
Cross-Site Scripting in form component
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-004/...