1702 matches found

Friends Of PHP
• added 2019/01/22 8:41 a.m. • 15 views

Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-007...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 25 views

Cross-Site Scripting in Bootstrap CSS toolkit

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...

CVSS 6.1, AI score 9.7, EPSS 0.04293
Exploits: 1, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 35 views

Cross-Site Scripting in Bootstrap CSS toolkit

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...

CVSS 6.1, AI score 9.7, EPSS 0.04293
Exploits: 1, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 8 views

Cross-Site Scripting in Fluid ViewHelpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 12 views

Cross-Site Scripting in Fluid ViewHelpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 11 views

Broken Access Control in Localization Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 10 views

Broken Access Control in Localization Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 11 views

Security Misconfiguration for Backend User Accounts

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-002...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 7 views

Security Misconfiguration for Backend User Accounts

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-002...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 10 views

Information Disclosure of Installed Extensions

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/22 8:41 a.m. • 9 views

Information Disclosure of Installed Extensions

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/15 5:30 p.m. • 18 views

CVE-2019-1000011: Access control bypass in GraphQL mutations

Q/A: Bug fix? yes; New feature? no; BC breaks? no; Deprecations? no; Tests pass? yes; Fixed tickets: 2364; License: MIT; Doc PR: (empty). This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances see 2364...

CVSS 5.5, AI score 6.3, EPSS 0.01024
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2019/01/15 5:30 p.m. • 24 views

CVE-2019-1000011: Access control bypass in GraphQL mutations

Q/A: Bug fix? yes; New feature? no; BC breaks? no; Deprecations? no; Tests pass? yes; Fixed tickets: 2364; License: MIT; Doc PR: (empty). This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances s...

CVSS 6.5, AI score 6.3, EPSS 0.01024
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/29 8:39 p.m. • 39 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6, 0.15.7, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.18.0. It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

CVSS 6.1, AI score 6, EPSS 0.01597
Exploits: 1, Affected Software: 1
Friends Of PHP
• added 2018/12/20 7:11 p.m. • 28 views

Potential RCE if filename starts with phar://

More info at https://pear.php.net/bugs/bug.php?id=23782...

CVSS 6.8, AI score 8.1, EPSS 0.18286
Exploits: 5, Affected Software: 1
Friends Of PHP
• added 2018/12/20 7:11 p.m. • 31 views

Potential RCE if filename starts with phar://

More info at https://pear.php.net/bugs/bug.php?id=23782...

CVSS 8.8, AI score 8.9, EPSS 0.18286
Exploits: 5, Affected Software: 1
Friends Of PHP
• added 2018/12/20 4:16 p.m. • 13 views

Credentials exposure in session storage

More info at https://simplesamlphp.org/security/201812-01...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/14 12:44 p.m. • 16 views

Denial of service

Make the world a bit safer...

AI score 2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/14 12:44 p.m. • 8 views

Denial of service

Make the world a bit safer...

AI score 7.1
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/12 12:21 p.m. • 10 views

SS-2018-019: Possible denial of service attack vector when flushing

More info at https://www.silverstripe.org/download/security-releases/ss-2018-019/...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/12 12:21 p.m. • 12 views

SS-2018-020: Potential SQL vulnerability in PostgreSQL database connector

More info at https://www.silverstripe.org/download/security-releases/ss-2018-020/...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 9 views

Denial of Service in Frontend Record Registration

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-012...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 13 views

Denial of Service in Online Media Asset Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 7 views

Information Disclosure in Install Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-010...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 7 views

Security Misconfiguration in Install Tool Cookie

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-009...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 9 views

Cross-Site Scripting in Frontend User Login

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-008...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 9 views

Cross-Site Scripting in Backend Modal Component

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-007...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:56 a.m. • 9 views

Cross-Site Scripting in Online Media Asset Rendering

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-006...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 39 views

Cross-Site Scripting in CKEditor

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-005...

CVSS 6.1, AI score 9.7, EPSS 0.01954
Exploits: 1, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 27 views

Cross-Site Scripting in CKEditor

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-005...

CVSS 6.1, AI score 9.7, EPSS 0.01954
Exploits: 1, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 9 views

Denial of Service in Frontend Record Registration

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-012...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 7 views

Denial of Service in Online Media Asset Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 15 views

Information Disclosure in Install Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-010...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 8 views

Security Misconfiguration in Install Tool Cookie

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-009...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 11 views

Cross-Site Scripting in Frontend User Login

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-008...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 8 views

Cross-Site Scripting in Backend Modal Component

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-007...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/11 9:55 a.m. • 10 views

Cross-Site Scripting in Online Media Asset Rendering

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-006...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/12/10 2:21 p.m. • 9 views

SS-2018-007: CSRF vulnerability in graphql

More info at https://www.silverstripe.org/download/security-releases/ss-2018-007/...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/28 3:41 p.m. • 9 views

Magento 2.2.7 and 2.1.16 Security update. Closes RCE, XSS and other vulnerabilities

More info at https://magento.com/security/patches/magento-2.2.7-and-2.1.16-security-update...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/26 10:0 a.m. • 12 views

SUPEE-10975 - Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-10975...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/26 10:0 a.m. • 10 views

SUPEE-10975 - Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-10975...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/22 11:7 p.m. • 62 views

XXE Vulnerability

This is: [X] a bug report; [ ] a feature request; [ ] not a usage question (ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet). What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...

CVSS 8.8, AI score 8.5, EPSS 0.07791
Exploits: 4, Affected Software: 1
Friends Of PHP
• added 2018/11/20 7:50 p.m. • 63 views

XXE Vulnerability

This is: [X] a bug report; [ ] a feature request; [ ] not a usage question (ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet). What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...

CVSS 8.8, AI score 8.5, EPSS 0.07791
Exploits: 4, Affected Software: 1
Friends Of PHP
• added 2018/11/20 3:30 p.m. • 7 views

EZSA-2018-007 User data disclosure

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-007-user-data-disclosure...

AI score 7.2
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/06 11:52 a.m. • 15 views

CVE-2018-19789: Temporary uploaded file path disclosure

More info at https://symfony.com/cve-2018-19789...

CVSS 5.3, AI score 7.2, EPSS 0.03589
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/06 11:52 a.m. • 18 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

CVSS 6.1, AI score 7.2, EPSS 0.01485
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/06 11:52 a.m. • 21 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

CVSS 6.1, AI score 7.2, EPSS 0.01485
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/06 11:52 a.m. • 27 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

CVSS 6.1, AI score 7.2, EPSS 0.01485
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/11/06 11:52 a.m. • 21 views

CVE-2018-19789: Temporary uploaded file path disclosure

More info at https://symfony.com/cve-2018-19789...

CVSS 5.3, AI score 7.2, EPSS 0.03589
Exploits: 0, Affected Software: 1
Friends Of PHP
• added 2018/10/31 12:19 p.m. • 12 views

Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)

See https://twitter.com/CiPHPerCoder/status/1050427719941525504 for discussion...

CVSS 5, AI score 6.1, EPSS 0.01868
Exploits: 0, Affected Software: 1
Total number of security vulnerabilities: 1702