Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2020/12/01 1:36 p.m.7 views

IBEXA-SA-2020-007 Failing access control in system info view

More info at https://developers.ibexa.co/security-advisories/ibexa-sa-2020-007-failing-access-control-in-system-info-view...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/02/20 3:55 p.m.7 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/04/03 12:0 a.m.7 views

EZSA-2019-002 Password reset vulnerability

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/03/12 12:0 a.m.7 views

EZSA-2019-001 XSS in Admin UI

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-001-xss-in-admin-ui...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/01/22 8:41 a.m.7 views

Security Misconfiguration for Backend User Accounts

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:56 a.m.7 views

Information Disclosure in Install Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:56 a.m.7 views

Security Misconfiguration in Install Tool Cookie

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:55 a.m.7 views

Denial of Service in Online Media Asset Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/30 2:55 p.m.7 views

EZSA-2018-009 Do not interpret PHP/PHAR uploads

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/19 2:12 p.m.7 views

EZSA-2018-008 REST API returns list of all SiteAccesses

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/06/27 12:0 a.m.7 views

Magento 2.2.5 and 2.1.14 Security update

More info at https://magento.com/security/patches/magento-2.2.5-and-2.1.14-security-update...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/24 1:11 p.m.7 views

SS-2018-010: Member disclosure in login form

More info at https://www.silverstripe.org/download/security-releases/ss-2018-010/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/02/01 5:33 p.m.7 views

SS-2018-004: XSS Vulnerability via WYSIWYG editor

More info at https://www.silverstripe.org/download/security-releases/ss-2018-004/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/07/01 2:16 p.m.7 views

Frontend login Session Fixation

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/07 11:30 a.m.7 views

Incorrect CSRF validation

More info at https://bakery.cakephp.org/2015/05/07/cakephp304released.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/04/13 12:10 p.m.7 views

User authentication bypass

More info at https://thelia.net/version-2-1-3-with-security-fix...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/01/16 6:44 a.m.7 views

XSS vulnerability in login redirect param

Security advisory: XSS vulnerability in login redirect param ScnSocialAuth version 1.15.2 has been released and includes a security for this vulnerability. Fix has been applied in 4a00966 Affected versions All versions below 1.15.2 are affected. dev-master is fixed starting from 4a00966 Exploits...

2.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

PHP code injection via `{% use %}` template name

More info at https://symfony.com/cve-2026-46633...

5.8AI score0.00357EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass

More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...

7.3CVSS6.6AI score0.01344EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

More info at https://symfony.com/cve-2026-46637...

5.8AI score0.0006EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

The `spaceless` filter implicitly marks its output as safe

More info at https://symfony.com/cve-2026-46628...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

More info at https://symfony.com/cve-2026-46637...

5.8AI score0.0006EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)

More info at https://symfony.com/cve-2026-45753...

5.8AI score0.00082EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

More info at https://symfony.com/cve-2026-45073...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45756: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS

More info at https://symfony.com/cve-2026-45756...

5.8AI score0.00082EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

8.7CVSS7.2AI score0.00747EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010

More info at https://www.drupal.org/sa-core-2019-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

More info at https://symfony.com/cve-2026-45069...

5.8AI score0.0005EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

More info at https://symfony.com/cve-2026-45074...

5.8AI score0.00064EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering

More info at https://symfony.com/cve-2026-45072...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

More info at https://symfony.com/cve-2026-45068...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

More info at https://symfony.com/cve-2026-45069...

5.8AI score0.0005EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/06 4:27 p.m.6 views

RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle

Impact RSACrypt::decryptWithRSA15 used by the RSA15 key-encryption algorithm implements RSAES-PKCS1-v15 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure required ...

5.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/06 4:27 p.m.6 views

Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption

Impact The experimental Chacha20Poly1305 key-encryption algorithm generates the 16-byte Poly1305 authentication tag during encryptKey but discards it: the tag is never written to the header and therefore never reaches the wire. On the receiving side, decryptKey calls...

5.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/20 1:37 p.m.6 views

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

More info at https://www.drupal.org/sa-core-2020-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/18 1:58 p.m.6 views

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2018-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

5.8AI score0.00103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

More info at https://symfony.com/cve-2026-45068...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

5.8AI score0.00103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

SS-2018-015: Vulnerable dependency

More info at https://www.silverstripe.org/download/security-releases/ss-2018-015/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

Anonymous Open Redirect - Moderately Critical - Open Redirect

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass

More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...

7.3CVSS6.6AI score0.01344EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

More info at https://symfony.com/cve-2026-45071...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/24 2:53 a.m.5 views

CVE-2026-55779 - XSS in archive admin restore

More info at https://www.silverstripe.org/download/security-releases/cve-2026-55779...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/24 2:45 a.m.5 views

CVE-2026-54720 - XSS attack through media embed

More info at https://www.silverstripe.org/download/security-releases/cve-2026-54720...

5.4CVSS5.8AI score0.00263EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/04 6:43 a.m.5 views

Stored Cross-Site Scripting (XSS) via uploaded files served inline in FileField and ImageField

More info at https://github.com/EasyCorp/EasyAdminBundle/security/advisories/GHSA-8559-gwj3-q37r...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/10/04 8:18 p.m.5 views

Null reset codes were allowed

More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/24 4:12 a.m.4 views

CVE-2026-54718 - Remote code execution via advanced workflow email template

More info at https://www.silverstripe.org/download/security-releases/cve-2026-54718...

5.8AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702