1702 matches found
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/...
XSS vulnerabilities in Neos
More info at https://www.neos.io/blog/neos-sa-2015-002.html...
Arbitrary file upload and XML External Entity processing
More info at https://www.neos.io/blog/flow-sa-2015-001.html...
State guessing vulnerability
By doing this we're protecting against people trying to guess the state...
Critical SQL injection bug in the ODBC database driver
More info at https://forum.codeigniter.com/thread-65803.html...
Cross-Site Scripting exploitable by Editors
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/...
XXE Vulnerability
Security: XML filescan in XML-based Readers to prevent XML Entity Expansion XEE see http://projects.webappsec.org/w/page/13247002/XML%20Entity%20Expansion for an explanation of XEE injection attacks...
SS-2016-014: Pre-existing alc_enc cookies log users in if remember me is disabled
More info at https://www.silverstripe.org/download/security-releases/ss-2016-014/...
SS-2016-008: Password encryption salt expiry
More info at https://www.silverstripe.org/download/security-releases/ss-2016-008/...
Session validation vulnerability
More info at https://framework.zend.com/security/advisory/ZF2015-01...
Header injection in NativeMailerHandler
Hopefully attacker controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler$to, $subject, $from; $nmh-setEncoding "utf-8\r\nFrom: [email protected]"; Since the injection happened in send, there doesn't seem to be a good way to a...
Sendmail transport arbitrary shell execution
More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...
The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
Authentication adapter did not verify validity of tokens
Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...
Potential XSS vector in multiple view helpers
More info at https://framework.zend.com/security/advisory/ZF2014-03...
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
More info at https://framework.zend.com/security/advisory/ZF2014-01...
Authentication Vulnerability - possible attempt to login via zero-valued password credential
Security advisory: zero-valued authentication credentials vulnerability DoctrineModule version 0.7.2 has been just released and includes a security fix for 248 via @5f79a9f7b and @78018ef568, Affected versions All versions below 0.7.2 are affected. dev-master and 0.8.x are not affected starting...
Request::getClientIp() when the trust proxy mode is enabled
More info at https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4...
Potential XSS Vectors in Multiple Zend Framework 2 Components
More info at https://framework.zend.com/security/advisory/ZF2012-03...
Local file disclosure via XXE injection in Zend_XmlRpc
More info at https://framework.zend.com/security/advisory/ZF2012-01...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...
SQL injection possibility
More info at https://www.doctrine-project.org/blog/doctrine-security-fix.html...
Potential Security Issues in Bundled Dojo Library
More info at https://framework.zend.com/security/advisory/ZF2010-07...
Padding Oracle Vulnerability in RSA Encryption
See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability...
CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
More info at https://symfony.com/cve-2026-45077...
Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
More info at https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface...
CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content
More info at https://symfony.com/cve-2026-48761...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...
CVE-2024-50343: Incorrect response from Validator when input ends with ` `
More info at https://symfony.com/cve-2024-50343...
CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
More info at https://symfony.com/cve-2026-45305...
External URL injection through URL aliases - Moderately Critical - Open Redirect
More info at https://www.drupal.org/sa-core-2018-006...
Content moderation - Moderately critical - Access bypass
More info at https://www.drupal.org/sa-core-2018-006...
External URL injection through URL aliases - Moderately Critical - Open Redirect
More info at https://www.drupal.org/sa-core-2018-006...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013
More info at https://www.drupal.org/sa-core-2020-013...
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
More info at https://www.drupal.org/sa-core-2021-005...
Laravel CRLF injection in default email rule
Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...
CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
More info at https://symfony.com/cve-2026-48489...
symfony/ux-toolkit Path Traversal allows arbitrary file write and read via crafted recipe manifest
Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...
TYPO3-CORE-SA-2026-009: Open Redirect in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2026-009...
PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...
Unsafe Deserialization in PHPT Code Coverage Handling
Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...
Possible SQL injection in widget field value
Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions or comments...
Potentially sensitive data exposure
Description Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to...
Insecure default secret key and IV allowing anyone to decrypt values
This issue has been deleted...
EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS
More info at https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs...
XSS vulnerability in blade templating
More info at https://github.com/laravel/framework/pull/31945...
Cross-Site Scripting in Link Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...
Cross-Site Scripting in Link Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...
PRODSECBUG-2422: Cross-Site Scripting via Email Template Name
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
Vulnerability to bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...