Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2016/11/18 12:17 p.m.9 views

SS-2016-010: ReadOnly transformation for formfields exploitable

More info at https://www.silverstripe.org/download/security-releases/ss-2016-010/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/07/19 1:3 p.m.9 views

Cross-Site Scripting vulnerability in typolinks

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/05/11 11:9 a.m.9 views

SS-2016-005: Brute force bypass on default admin

More info at https://www.silverstripe.org/download/security-releases/ss-2016-005/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/04/12 12:7 p.m.9 views

Privilege Escalation in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/12/15 11:38 a.m.9 views

TYPO3 is susceptible to Cross-Site Flashing

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 2:30 p.m.9 views

Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

More info at https://framework.zend.com/security/advisory/ZF2015-09...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/13 10:30 a.m.9 views

SS-2015-027: HtmlEditor embed url sanitisation

More info at https://www.silverstripe.org/download/security-releases/ss-2015-027/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/15 5:15 p.m.9 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/14 10:44 a.m.9 views

SS-2015-016: XSS in install.php

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-016/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/07/01 2:16 p.m.9 views

Information Disclosure possibility exploitable by Editors

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/29 12:53 a.m.9 views

SS-2015-013: X-Forwarded-Host request hostname injection

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-013/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/28 11:30 a.m.9 views

Denial of Service attack through XML payloads

More info at https://bakery.cakephp.org/2015/05/28/cakephp266and306released.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/13 10:53 a.m.9 views

Exploit in the private channel authentication

More info at https://blog.pusher.com/update-on-security/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/24 5:46 p.m.9 views

XSS injection in backoffice

More info at https://thelia.net/version-2-1-2-with-security-fix...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/12 3:55 p.m.9 views

SS-2015-006: XSS In GridField print

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/10/22 9:14 a.m.9 views

Arbitrary Shell Execution in Swiftmailer library

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/05/20 10:21 a.m.9 views

Risk of mass-assignment vulnerabilities

More info at https://laravel.com/docs/5.1/upgradeupgrade-4.1.29...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.9 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/17 3:37 p.m.9 views

Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

More info at https://framework.zend.com/security/advisory/ZF2014-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/04/08 1:16 p.m.9 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/03/13 3:4 p.m.9 views

Potential SQL injection due to execution of platform-specific SQL containing interpolations

More info at https://framework.zend.com/security/advisory/ZF2013-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/03/13 8:39 a.m.9 views

Route Parameter Injection Via Query String in Zend\Mvc

More info at https://framework.zend.com/security/advisory/ZF2013-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/11/27 10:21 p.m.9 views

Request::getClientIp() when the trust proxy mode is enabled

More info at https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/09/29 4:19 p.m.9 views

Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components

More info at https://framework.zend.com/security/advisory/ZF2012-04...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2011/08/29 10:36 p.m.9 views

SQL injection possibility

More info at https://www.doctrine-project.org/blog/dbal-security-2011-1.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2011/05/03 7:36 p.m.9 views

Potential SQL Injection Vector When Using PDO_MySql

More info at https://framework.zend.com/security/advisory/ZF2011-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders

More info at https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Signature validation bypass

More info at https://simplesamlphp.org/security/201710-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

More info at https://symfony.com/cve-2026-45067...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Sandbox `__toString()` policy bypass via dynamic mapping keys

More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45756: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS

More info at https://symfony.com/cve-2026-45756...

5.8AI score0.00082EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

More info at https://symfony.com/cve-2026-48760...

5.8AI score0.00025EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

More info at https://symfony.com/cve-2026-45064...

5.8AI score0.00069EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings

More info at https://symfony.com/cve-2026-45133...

5.8AI score0.00089EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009

More info at https://www.drupal.org/sa-core-2019-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012

More info at https://www.drupal.org/sa-core-2019-012...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Contextual Links validation - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

More info at https://symfony.com/cve-2026-45070...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/19 7:21 a.m.8 views

symfony/ux-icons XSS via unsanitized SVG content in local files and Iconify on-demand responses

Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...

6.1CVSS6AI score0.00194EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/18 2:12 p.m.8 views

Dot-only cookie domains match all hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8CVSS5.9AI score0.00111EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/11 10:41 a.m.8 views

CompilerRuntime code injection via unescaped function names

More info at https://github.com/jmespath/jmespath.php/security/advisories/GHSA-pcw8-m77r-2528...

9.8CVSS5.2AI score0.0032EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 9:1 a.m.8 views

TYPO3-CORE-SA-2026-016: Broken Access Control in File Abstraction Layer

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-016...

2.1CVSS5.4AI score0.00356EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 8:58 a.m.8 views

TYPO3-CORE-SA-2026-011: Broken Access Control in Recycler

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-011...

5.3CVSS5.4AI score0.00238EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 8:57 a.m.8 views

TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-010...

5.1CVSS5.4AI score0.00269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/08 8:0 p.m.8 views

TYPO3-CORE-SA-2026-006: TYPO3 HTML Sanitizer allows Cross-Site Scripting

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-006...

5.1CVSS5.4AI score0.00366EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/06 4:27 p.m.8 views

Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption

Impact The experimental Chacha20Poly1305 key-encryption algorithm generates the 16-byte Poly1305 authentication tag during encryptKey but discards it: the tag is never written to the header and therefore never reaches the wire. On the receiving side, decryptKey calls...

5.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/25 10:58 p.m.8 views

Host confusion via authority reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.9AI score0.00198EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/25 10:58 p.m.8 views

CRLF injection via URI host component

Impact guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString or an equivalent custom serializer. Creating a...

5.3CVSS5.9AI score0.00189EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702