1702 matches found
CRLF injection via URI host component
Impact guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString or an equivalent custom serializer. Creating a...
IBEXA-SA-2020-006 Object Injection in legacy shop module
More info at https://ezplatform.com/security-advisories/ibexa-sa-2020-006-object-injection-in-legacy-shop-module...
E-mail HTML injection
More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...
Security Misconfiguration in Install Tool Cookie
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-009...
Cross-Site Scripting in Backend Modal Component
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-007...
EZSA-2018-007 User data disclosure
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-007-user-data-disclosure...
URL Rewrite vulnerability
More info at https://framework.zend.com/security/advisory/ZF2018-01...
SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
More info at https://www.silverstripe.org/download/security-releases/ss-2017-010/...
XSS in class documenting_xmlrpc_server
More info at https://github.com/gggeek/phpxmlrpc-extras/releases/tag/0.6.1...
SS-2017-003: XSS in RedirectorPage
More info at https://www.silverstripe.org/download/security-releases/ss-2017-003/...
SUPEE-9652 - Remote Code Execution using mail vulnerability
More info at https://magento.com/security/patches/supee-9652...
Remote Code Execution Vulnerability
More info at https://community.shopware.com/detail1989.html...
Cross-Site Scripting in TYPO3 Backend
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/...
Missing Access Check in TYPO3 CMS
More info at https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/...
SS-2016-006: Missing CSRF protection in login form
More info at https://www.silverstripe.org/download/security-releases/ss-2016-006/...
SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers
More info at https://www.silverstripe.org/download/security-releases/ss-2016-003/...
XSS vulnerabilities in Neos
More info at https://www.neos.io/blog/neos-sa-2015-002.html...
SS-2015-026: Form field validation message XSS vulnerability
More info at https://www.silverstripe.org/download/security-releases/ss-2015-026/...
SS-2016-013: Member.Name is not escaped
More info at https://www.silverstripe.org/download/security-releases/ss-2016-013/...
SS-2016-011: ChangePasswordForm does not check Member::canLogIn()
More info at https://www.silverstripe.org/download/security-releases/ss-2016-011/...
SS-2015-010: XSS in Director::force_redirect()
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/...
SS-2014-017: XML Quadratic Blowup Attack
More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/...
Potential Remote Address Spoofing Vector in Zend\Http\PhpEnvironment\RemoteAddress
More info at https://framework.zend.com/security/advisory/ZF2013-04...
Fixes a security issue where the session could be hijacked
Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...
Potential XSS vector in Zend_Dojo_View_Helper_Editor
More info at https://framework.zend.com/security/advisory/ZF2010-02...
CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)
More info at https://symfony.com/cve-2026-45753...
Sandbox does not protect against resource exhaustion
More info at https://symfony.com/cve-2026-46627...
CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
More info at https://symfony.com/cve-2026-48784...
Sandbox property allowlist bypass via the `column` filter (array_column on objects)
More info at https://symfony.com/cve-2026-46635...
Reflected Cross-Site-Scripting
More info at https://simplesamlphp.org/security/201907-01...
Possible sandbox bypass when using a source policy
More info at https://symfony.com/cve-2026-24425...
CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
More info at https://symfony.com/cve-2026-45074...
CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45754...
CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45755...
CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
More info at https://symfony.com/cve-2026-45304...
CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings
More info at https://symfony.com/cve-2026-45133...
Drupal core - Moderately critical - Denial of Service
More info at https://www.drupal.org/sa-core-2024-001...
CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense
More info at https://symfony.com/cve-2026-48760...
CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
More info at https://symfony.com/cve-2026-45077...
CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
More info at https://symfony.com/cve-2026-48784...
CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
More info at https://symfony.com/cve-2026-45065...
CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
More info at https://symfony.com/cve-2026-45063...
CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
More info at https://symfony.com/cve-2026-45063...
CVE-2026-54721 - Remote code execution via userforms email subject
More info at https://www.silverstripe.org/download/security-releases/cve-2026-54721...
Silent HTTPS proxy downgrade to cleartext
Impact The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...
CRLF injection in HTTP start-line serialization
Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...
XML injection via CDATA terminator in XML request serialization
Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...
Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError
Summary OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with propertyexists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...
Unbounded digits parameter in a provisioning URI triggers an uncaught DivisionByZeroError in OTP generation
Summary The digits parameter parsed from a provisioning URI is validated only with a lower bound $value 0 and has no upper bound src/OTP.php:353-357. OTP generation computes $code % 10 $this-getDigits src/OTP.php:283. When digits is large enough that 10 digits overflows PHP's integer range and th...
Insufficient nonce entropy
Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...