1702 matches found
CRLF injection via URI host component
Impact guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString or an equivalent custom serializer. Creating a...
Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
More info at https://symfony.com/cve-2026-46640...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
More info at https://symfony.com/cve-2026-46634...
Sandbox property and method bypass via object-destructuring assignment
More info at https://symfony.com/cve-2026-46639...
XSS in profiler HtmlDumper via unescaped template and profile names
More info at https://symfony.com/cve-2026-47730...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
SQL Injection in extension "News system" (news)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-010...
TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-009...
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...
TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...
TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...
TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
More info at https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2...
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary Composer leaks the full contents of tokens configured as GitHub OAuth tokens if they do not match Composer's expected format for such tokens to stderr. GitHub has introduced a new format for GitHub Actions GITHUBTOKEN values. These tokens are validated in the same way by Composer on GitHu...
TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-008...
Remote code execution via evaluation of user-controlled input in validation rules
Impact A remote code execution RCE vulnerability affects versions 0.13.2 through 0.13.21. When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...
Cross-site scripting (XSS) via script break-out in toScript() output
What's Changed Escape HTML tags in toScript output to prevent script break-out by @freekmurze in https://github.com/spatie/schema-org/pull/242 Values containing passed as schema properties could break out of the generated block and execute injected HTML when the value was attacker-controlled...
Argument injection via newline in PHP INI values forwarded to child processes
Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...
Argument injection via newline in PHP INI values forwarded to child processes
Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...
CVE-2026-24749 - DBFile permission bypass
More info at https://www.silverstripe.org/download/security-releases/cve-2026-24749...
Command injection via malicious Perforce repository definition
Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...
Command injection via malicious Perforce source reference/url
Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-013...
Denial of Service via "MadeYouReset" vulnerability
Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...
Unsafe Deserialization in PHPT Code Coverage Handling
Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...
Missing check that a point is on the prime subgroup for Edwards25519
More info at https://00f.net/2025/12/30/libsodium-vulnerability...
Key Commitment Issues in S3 Encryption Clients
More info at https://aws.amazon.com/security/security-bulletins/AWS-2025-032/...
TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-007...
TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-005...
TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-008...
symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes
More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...
symfony/ux-live-component Unsanitized HTML attribute injection via ComponentAttributes
More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...
TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-004...
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-006...
CVE-2025-25197 - XSS attack in elemental "Content blocks in use" report
More info at https://www.silverstripe.org/download/security-releases/cve-2025-25197...
SS-2025-001 - User enumeration via timing attack
More info at https://www.silverstripe.org/download/security-releases/ss-2025-001...
CVE-2025-30148 - XSS vulnerability in HTML editor
More info at https://www.silverstripe.org/download/security-releases/cve-2025-30148...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...
GraphQL query operations security can be bypassed
Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...
GraphQL query operations security can be bypassed
Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...
TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-002...
TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-003...
Missing output escaping for the null coalesce operator
More info at https://symfony.com/blog/twig-cve-2025-24374-missing-output-escaping-for-the-null-coalesce-operator...
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-001...
CVE-2024-53277 - XSS in form messages
More info at https://www.silverstripe.org/download/security-releases/cve-2024-53277...
CVE-2024-47605 - XSS via insert media remote file oembed
More info at https://www.silverstripe.org/download/security-releases/cve-2024-47605...