1702 matches found
IBEXA-SA-2020-007 Failing access control in system info view
More info at https://developers.ibexa.co/security-advisories/ibexa-sa-2020-007-failing-access-control-in-system-info-view...
EZSA-2020-001 Remote code execution in file uploads
More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...
EZSA-2019-002 Password reset vulnerability
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability...
EZSA-2019-001 XSS in Admin UI
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-001-xss-in-admin-ui...
Security Misconfiguration for Backend User Accounts
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-002...
Information Disclosure in Install Tool
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-010...
Security Misconfiguration in Install Tool Cookie
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-009...
Denial of Service in Online Media Asset Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...
EZSA-2018-009 Do not interpret PHP/PHAR uploads
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads...
EZSA-2018-008 REST API returns list of all SiteAccesses
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses...
Magento 2.2.5 and 2.1.14 Security update
More info at https://magento.com/security/patches/magento-2.2.5-and-2.1.14-security-update...
SS-2018-010: Member disclosure in login form
More info at https://www.silverstripe.org/download/security-releases/ss-2018-010/...
SS-2018-004: XSS Vulnerability via WYSIWYG editor
More info at https://www.silverstripe.org/download/security-releases/ss-2018-004/...
Frontend login Session Fixation
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/...
Incorrect CSRF validation
More info at https://bakery.cakephp.org/2015/05/07/cakephp304released.html...
User authentication bypass
More info at https://thelia.net/version-2-1-3-with-security-fix...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param ScnSocialAuth version 1.15.2 has been released and includes a security for this vulnerability. Fix has been applied in 4a00966 Affected versions All versions below 1.15.2 are affected. dev-master is fixed starting from 4a00966 Exploits...
PHP code injection via `{% use %}` template name
More info at https://symfony.com/cve-2026-46633...
CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass
More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
More info at https://symfony.com/cve-2026-46637...
The `spaceless` filter implicitly marks its output as safe
More info at https://symfony.com/cve-2026-46628...
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
More info at https://symfony.com/cve-2026-46637...
CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)
More info at https://symfony.com/cve-2026-45753...
CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
More info at https://symfony.com/cve-2026-45073...
CVE-2026-45756: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS
More info at https://symfony.com/cve-2026-45756...
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
More info at https://www.drupal.org/sa-core-2019-010...
Exploit of encryption failure vulnerability
More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...
CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
More info at https://symfony.com/cve-2026-45069...
CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
More info at https://symfony.com/cve-2026-45074...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...
CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
More info at https://symfony.com/cve-2026-45068...
CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
More info at https://symfony.com/cve-2026-45069...
RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle
Impact RSACrypt::decryptWithRSA15 used by the RSA15 key-encryption algorithm implements RSAES-PKCS1-v15 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure required ...
Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption
Impact The experimental Chacha20Poly1305 key-encryption algorithm generates the 16-byte Poly1305 authentication tag during encryptKey but discards it: the tag is never written to the header and therefore never reaches the wire. On the receiving side, decryptKey calls...
Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
More info at https://www.drupal.org/sa-core-2020-003...
By-passing Protection of PharStreamWrapper Interceptor
More info at https://typo3.org/security/advisory/typo3-psa-2018-001...
CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45754...
CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
More info at https://symfony.com/cve-2026-45068...
CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45754...
SS-2018-015: Vulnerable dependency
More info at https://www.silverstripe.org/download/security-releases/ss-2018-015/...
CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-47212...
Anonymous Open Redirect - Moderately Critical - Open Redirect
More info at https://www.drupal.org/sa-core-2018-006...
CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass
More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...
CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
More info at https://symfony.com/cve-2026-45071...
CVE-2026-55779 - XSS in archive admin restore
More info at https://www.silverstripe.org/download/security-releases/cve-2026-55779...
CVE-2026-54720 - XSS attack through media embed
More info at https://www.silverstripe.org/download/security-releases/cve-2026-54720...
Stored Cross-Site Scripting (XSS) via uploaded files served inline in FileField and ImageField
More info at https://github.com/EasyCorp/EasyAdminBundle/security/advisories/GHSA-8559-gwj3-q37r...
Null reset codes were allowed
More info at https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other...
CVE-2026-54718 - Remote code execution via advanced workflow email template
More info at https://www.silverstripe.org/download/security-releases/cve-2026-54718...