1697 matches found
Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component
More info at https://framework.zend.com/security/advisory/ZF2012-05...
local file access in `Client:send` via manipulation of `$protocol` argument
Security fix: hardened the Client::send method against misuse of the $method argument (issue 81). Abusing its value, it was possible to force the client to access local files or connect to undesired URLs instead of the intended target server's URL (the one used in the Client constructor). This weakne...
code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument
Security fix: hardened the Client::send method against misuse of the $method argument (issue 81). Abusing its value, it was possible to force the client to access local files or connect to undesired URLs instead of the intended target server's URL (the one used in the Client constructor). This weakne...
Request::getClientIp() when the trust proxy mode is enabled
More info at https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4...
Vulnerability in the EntityUserProvider as provided in the Doctrine bridge
More info at https://symfony.com/blog/security-release-symfony-2-0-6...
Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components
More info at https://framework.zend.com/security/advisory/ZF2012-04...
DOS attack in FOSUserBundle login form
More info at https://symfony.com/cve-2013-5750...
Denial of Service vector via XEE injection
More info at https://framework.zend.com/security/advisory/ZF2012-02...
Potential XSS Vectors in Multiple Zend Framework 2 Components
More info at https://framework.zend.com/security/advisory/ZF2012-03...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Local file disclosure via XXE injection in Zend_XmlRpc
More info at https://framework.zend.com/security/advisory/ZF2012-01...
Fixes a security issue where the session could be hijacked
Changelog. 4.1.0 (2026-02-13): Convert XML config files to other formats to fix the deprecation of XML config files in Symfony. Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker. Fix the...
Fixed the user refreshing to check the identity by primary key instead of username
Changelog. 4.1.0 (2026-02-13): Convert XML config files to other formats to fix the deprecation of XML config files in Symfony. Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker. Fix the...
Potential XSS in Development Environment Error View Script
More info at https://framework.zend.com/security/advisory/ZF2011-01...
Insecure Unserialize Vulnerability in FLOW3
More info at https://www.neos.io/blog/flow-sa-2012-001.html...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...
SQL injection possibility
More info at https://www.doctrine-project.org/blog/doctrine-security-fix.html...
SQL injection possibility
More info at https://www.doctrine-project.org/blog/dbal-security-2011-1.html...
Potential SQL Injection Vector When Using PDO_MySql
More info at https://framework.zend.com/security/advisory/ZF2011-02...
XSS vulnerability exploitable on Internet Explorer
More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...
Multiple XSS vulnerabilities exploitable on Internet Explorer
More info at http://htmlpurifier.org/security/2010/css-quoting...
Potential Security Issues in Bundled Dojo Library
More info at https://framework.zend.com/security/advisory/ZF2010-07...
Potential XSS vectors due to inconsistent encodings
More info at https://framework.zend.com/security/advisory/ZF2010-01...
Potential XSS vector in Zend_Dojo_View_Helper_Editor
More info at https://framework.zend.com/security/advisory/ZF2010-02...
Potential XSS vector in Zend_Filter_StripTags when comments allowed
More info at https://framework.zend.com/security/advisory/ZF2010-03...
Potential XSS vector in Zend_Service_ReCaptcha_MailHide
More info at https://framework.zend.com/security/advisory/ZF2010-05...
Potential Security Issues in Bundled Dojo Library
More info at https://framework.zend.com/security/advisory/ZF2010-06...
XSS vector in Zend_Filter_StripTags
More info at https://framework.zend.com/security/advisory/ZF2009-02...
LFI vector in Zend_View::setScriptPath() and render()
More info at https://framework.zend.com/security/advisory/ZF2009-01...
Padding Oracle Vulnerability in RSA Encryption
See https://framework.zend.com/security/advisory/ZF2015-10, it's essentially the same vulnerability.
PHP Code Injection
phpWhois PHP Code Injection. Vulnerability Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...
Deserialization of Untrusted Data
Description: This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. References...
Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...
Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP
Hello: I have found a Reflected XSS vulnerability in this SDK. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...