Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

More info at https://symfony.com/cve-2026-45065...

5.8AI score0.0004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

More info at https://symfony.com/cve-2026-45070...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

More info at https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators

More info at https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Authentication bypass via attacker provided openid server

Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

6.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

More info at https://symfony.com/cve-2026-45305...

5.8AI score0.00076EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Contextual Links validation - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001

More info at https://www.drupal.org/sa-core-2020-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

More info at https://www.drupal.org/sa-core-2021-005...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009

More info at https://www.drupal.org/sa-core-2019-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Laravel CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

5.2AI score0.00048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

7.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Anonymous Open Redirect - Moderately Critical - Open Redirect

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45755...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 9:3 a.m.9 views

TYPO3-CORE-SA-2026-018: Insecure Deserialization in Core API

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-018...

6.3CVSS5.4AI score0.00215EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 9:1 a.m.9 views

TYPO3-CORE-SA-2026-015: Broken Access Control in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-015...

5.3CVSS5.4AI score0.00238EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 9:0 a.m.9 views

TYPO3-CORE-SA-2026-014: Broken Access Control in Clipboard

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-014...

5.3CVSS5.4AI score0.00238EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 8:59 a.m.9 views

TYPO3-CORE-SA-2026-013: Broken Access Control in Media Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-013...

7.1CVSS5.4AI score0.00313EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 8:58 a.m.9 views

TYPO3-CORE-SA-2026-012: Broken Access Control in DataHandler

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-012...

5.3CVSS5.4AI score0.00238EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/08 8:0 p.m.9 views

TYPO3-CORE-SA-2026-006: TYPO3 HTML Sanitizer allows Cross-Site Scripting

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-006...

2.1CVSS5.4AI score0.00282EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/06 4:30 p.m.9 views

JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...

5.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/28 6:30 p.m.9 views

Path traversal and reflected XSS in Flag and Icon Twig components

EasyAdminBundle ships two public Twig components — and — that load SVG files from disk using a path built directly from a public component property, and then render the resulting markup with the Twig |raw filter. When an application binds either of those properties to data that is influenced by a...

5.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/04/06 1:30 p.m.9 views

Regression in Query Parenthesis can have Security Implications

Return insensitive check after 8453 Problem: -andWhere"u.name = ?1 or u.username = ?1"; did not wrap part in parenthesis when or or and was written in lowercase anymore. It still worked for uppercase OR and AND. Fixes 8595...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/07/06 2:8 p.m.9 views

Potentially sensitive data exposure

Description Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to...

1.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/20 4:45 p.m.9 views

EZSA-2020-004 Object Injection in SiteAccessMatchListener

More info at https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/04/28 6:8 p.m.9 views

SSTI Vulnerability

More info at https://twitter.com/nystudio107/status/1268736336200171520?lang=en...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/03/03 10:14 p.m.9 views

Fixes redirect uri validation in oauth

More info at https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/01/21 3:10 p.m.9 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/17 9:50 a.m.9 views

Cross-Site Scripting in Form Framework validation handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/27 12:0 a.m.9 views

EZSA-2019-004 CSRF token in login form is disabled by default

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-004-csrf-token-in-login-form-is-disabled-by-default...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 6:38 a.m.9 views

Information Disclosure in Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-014...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 6:38 a.m.9 views

Information Disclosure in Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-014...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/23 12:0 a.m.9 views

EZSA-2019-003 XSS in eZFind spellcheck

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-003-xss-in-ezfind-spellcheck...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/01/22 8:41 a.m.9 views

Arbitrary Code Execution via File List Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-008...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/01/22 8:41 a.m.9 views

Information Disclosure of Installed Extensions

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/14 12:44 p.m.9 views

Denial of service

Make the world a bit safer...

7.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:56 a.m.9 views

Cross-Site Scripting in Frontend User Login

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-008...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:56 a.m.9 views

Cross-Site Scripting in Online Media Asset Rendering

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:55 a.m.9 views

Denial of Service in Frontend Record Registration

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-012...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/11/28 3:41 p.m.9 views

Magento 2.2.7 and 2.1.16 Security update. Closes RCE,XSS and other vulnerabilities

More info at https://magento.com/security/patches/magento-2.2.7-and-2.1.16-security-update...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/16 5:29 p.m.9 views

SS-2018-017: Possible PHP Object Injection via Multi-Value Field Extension

More info at https://www.silverstripe.org/download/security-releases/ss-2018-017/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.9 views

Privilege Escalation & SQL Injection in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/06/29 12:0 a.m.9 views

SUPEE-10752 - Multiple security enhancements vulnerabilities

More info at https://magento.com/security/patches/supee-10752...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/06/11 3:28 p.m.9 views

URL Rewrite vulnerability

More info at https://framework.zend.com/security/advisory/ZF2018-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/14 10:54 a.m.9 views

SS-2018-014: Dangerous file types in allowed upload

More info at https://www.silverstripe.org/download/security-releases/ss-2018-014/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/12/07 1:27 p.m.9 views

SS-2017-007: CSV Excel Macro Injection

More info at https://www.silverstripe.org/download/security-releases/ss-2017-007/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/09/05 11:37 a.m.9 views

Information Disclosure in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/08/21 1:16 p.m.9 views

EZSA-2017-006 Information disclosure in backend content tree menu

More info at http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/01/03 1:29 p.m.9 views

Cross-Site Scripting in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702