1702 matches found

Friends Of PHP
•added 2019/06/11 4:34 p.m.•18 views

CVE-2019-12246: Denial of Service on flush and development URL tools

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12246...

4.3 CVSS • 7.2 AI score • 0.0068 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/06/11 4:34 p.m.•21 views

CVE-2019-12149: Potential SQL injection in restfulserver and registry modules

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12149...

9.8 CVSS • 7.2 AI score • 0.01355 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•20 views

Exposed suppressed log in RevisionDelete page

More info at https://phabricator.wikimedia.org/T222038...

6.5 CVSS • 7.2 AI score • 0.01382 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•19 views

Need to make a limit of count of attempts to change email address

More info at https://phabricator.wikimedia.org/T209794...

5.3 CVSS • 7.2 AI score • 0.01263 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•19 views

Direct POST to Special:ChangeEmail will bypass reauth check

More info at https://phabricator.wikimedia.org/T197279...

9.8 CVSS • 7.2 AI score • 0.03427 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•27 views

Exposed suppressed username or log in Special:EditTags

More info at https://phabricator.wikimedia.org/T222036...

6.5 CVSS • 7.2 AI score • 0.0141 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•20 views

Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API

More info at https://phabricator.wikimedia.org/T199540...

7.5 CVSS • 7.2 AI score • 0.01362 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•29 views

API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly

More info at https://phabricator.wikimedia.org/T212118...

7.5 CVSS • 7.2 AI score • 0.02043 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/23 12:0 a.m.•7 views

EZSA-2019-003 XSS in eZFind spellcheck

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-003-xss-in-ezfind-spellcheck...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:43 a.m.•12 views

Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-010...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:43 a.m.•13 views

Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-010...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•17 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•14 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•23 views

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

9.3 CVSS • 7.2 AI score • 0.03917 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•23 views

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

9.3 CVSS • 7.2 AI score • 0.03917 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•12 views

Security Misconfiguration in User Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-011...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•12 views

Security Misconfiguration in User Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-011...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:33 a.m.•17 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1 CVSS • 7.2 AI score • 0.00955 EPSS
Exploits 1 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:33 a.m.•27 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1 CVSS • 7.2 AI score • 0.00955 EPSS
Exploits 1 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 6:59 a.m.•19 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1 CVSS • 7.2 AI score • 0.00955 EPSS
Exploits 1 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 6:59 a.m.•20 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

4.3 CVSS • 6.2 AI score • 0.00955 EPSS
Exploits 1 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/06 2:40 p.m.•19 views

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2019-008...

9.8 CVSS • 7.2 AI score • 0.02675 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/05/06 2:40 p.m.•21 views

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2019-007...

9.8 CVSS • 7.2 AI score • 0.05586 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/20 10:8 p.m.•21 views

Unsafe deserialization in SmtpTransport

More info at https://bakery.cakephp.org/2019/04/23/cakephp37736153518released.html...

7.5 CVSS • 7.2 AI score • 0.02058 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/16 3:19 p.m.•38 views

Fixed being bypassable of CVE-2019-6257 SSRF.

Changes from previous version. All previous changes are here. js:core Fixed 2863 cssAutoLoad Array option is not working js:core Fixed 2862 stop autoSync when browser tab turn to background cmd:search Fixed 2867 support incremental search other than filename VD:abstract Fixed 2873 correct MIME-Type...

4 CVSS • 7.4 AI score • 0.01098 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/16 3:19 p.m.•19 views

Fixed being bypassable of CVE-2019-6257 SSRF.

Changes from previous version. All previous changes are here. - js:core Fixed 2863 cssAutoLoad Array option is not working - js:core Fixed 2862 stop autoSync when browser tab turn to background - cmd:search Fixed 2867 support incremental search other than filename - VD:abstract Fixed 2873 correct...

7.7 CVSS • 7.4 AI score • 0.01098 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/09 12:21 p.m.•39 views

Confirming an opt-in token does not invalidate previous opt-in tokens

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10643.html...

9.8 CVSS • 7.2 AI score • 0.01254 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/09 12:21 p.m.•29 views

The CSRF token check can be bypassed

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10642.html...

8.8 CVSS • 7.2 AI score • 0.00499 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/09 12:21 p.m.•24 views

Confirming an opt-in token does not invalidate previous opt-in tokens

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10643.html...

9.8 CVSS • 7.2 AI score • 0.01254 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/09 12:21 p.m.•20 views

The CSRF token check can be bypassed

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10642.html...

8.8 CVSS • 7.2 AI score • 0.00499 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/09 10:24 a.m.•21 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8 CVSS • 7.2 AI score • 0.01048 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/03 12:0 a.m.•10 views

EZSA-2019-002 Password reset vulnerability

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/04/03 12:0 a.m.•6 views

EZSA-2019-002 Password reset vulnerability

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/03/28 1:34 p.m.•13 views

Information disclosure

More info at https://framework.zend.com/security/advisory/ZF2019-01...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/03/26 12:0 a.m.•20 views

SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-11086...

9.8 CVSS • 7.2 AI score • 0.17437 EPSS
Exploits 2 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/03/26 12:0 a.m.•31 views

SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-11086...

9.8 CVSS • 7.2 AI score • 0.17437 EPSS
Exploits 2 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/03/21 10:52 p.m.•34 views

XSS vulnerability with double-encoded entities

An XSS vulnerability (CVE-2019-10010) has been identified in all previous versions of this library (0.18.2 and below). The issue has been fixed in version 0.18.3. All users should upgrade to version 0.18.3 immediately. Additionally, if your application caches the resulting HTML, please purge and/or...

6.1 CVSS • 5.9 AI score • 0.0105 EPSS
Exploits 1 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/03/12 12:35 p.m.•23 views

Sandbox Information Disclosure

More info at https://symfony.com/blog/twig-sandbox-information-disclosure...

4.3 CVSS • 7.2 AI score • 0.01405 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/03/12 12:0 a.m.•6 views

EZSA-2019-001 XSS in Admin UI

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-001-xss-in-admin-ui...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/02/26 12:10 p.m.•36 views

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

Changes from previous version. All previous changes are here. - VD:abstract fix animated image conversion on ImageMagick - Security,VD:abstract CVE-2019-9194 fix command injection vulnerability of PHP connector Special thanks to Thomas Chauchefoin Synacktiv for reporting this vulnerability...

9.8 CVSS • 9.7 AI score • 0.96633 EPSS
Exploits 11 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/02/19 11:55 a.m.•24 views

CVE-2019-5715: Reflected SQL Injection through Form and DataObject

More info at https://www.silverstripe.org/download/security-releases/ss-2018-021...

9.8 CVSS • 7.2 AI score • 0.01564 EPSS
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/02/12 12:0 p.m.•13 views

Remote code execution

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

0.8 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/02/12 12:0 p.m.•8 views

E-mail HTML injection

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/02/12 12:0 p.m.•11 views

Retrieval of HTTP-only cookies

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/02/12 12:0 p.m.•11 views

Remote code execution

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:42 a.m.•11 views

Cross-Site Scripting in Language Pack Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-004...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:42 a.m.•10 views

Cross-Site Scripting in Language Pack Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-004...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•8 views

Arbitrary Code Execution via File List Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-008...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•13 views

Arbitrary Code Execution via File List Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-008...

7.2 AI score
Exploits 0 • Affected Software 1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•12 views

Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-007...

7.2 AI score
Exploits 0 • Affected Software 1

Total number of security vulnerabilities: 1702