
1697 matches found

Friends Of PHP

PHP Code Injection

phpWhois PHP Code Injection
Vulnerability Overview
phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...

CVSS 7.5, AI score 9.7, EPSS 0.06195
Exploits: 1, Affected software: 1

Friends Of PHP

Authentication bypass via attacker provided openid server

Impact: The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches: This vulnerability only affects the outdated v1.x versions of the package. These a...

AI score 2.6
Exploits: 0, Affected software: 1

Friends Of PHP

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

I'm afraid this change is wrong. file_exists is not the only...

CVSS 7.5, AI score 2.9, EPSS 0.26172
Exploits: 7, Affected software: 1

Friends Of PHP

Remote Code Execution via Chosen-Ciphertext Attack

framework/src/Titon/Crypto/OpenSslCipher.hh, lines 30 to 39 in cbf4472:

    public function decrypt(string $payload): mixed {
        $payload = $this->decodePayload($payload);
        $method = $this->getMethod();
        $value = openssl_decrypt(hex2bin($payload['data']), $method, $this->getKey(), OPENSSL_RAW_DATA, hex2bin($payload['iv']));
        if ($valu...

AI score 1.2
Exploits: 0, Affected software: 1

Friends Of PHP

PHPMemcachedAdmin Path Traversal vulnerability

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6026...

CVSS 6.4, AI score 7.2, EPSS 0.00864
Exploits: 0, Affected software: 1

Friends Of PHP

Filter input to avoid XPath injection

In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white lists instead of black lists to allow only a...

AI score 2.6
Exploits: 0, Affected software: 1

Friends Of PHP

Prevent installation typosquatting malware

More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...

AI score 0.2
Exploits: 0, Affected software: 1

Friends Of PHP

Cross-Site Scripting

I've picked up on the work started over at #276 and rebased on erusev/master. Since this is rebased on master, I can't point a PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...

CVSS 4.3, AI score 5.8, EPSS 0.012
Exploits: 0, Affected software: 1

Friends Of PHP

Code injection vulnerability in allSelectors()

More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...

CVSS 7.5, AI score 9, EPSS 0.55084
Exploits: 4, Affected software: 1

Friends Of PHP

CVE-2019-12186: XSS injection in the Grid component

More info at https://sylius.com/blog/cve-2019-12186/...

CVSS 4.8, AI score 7.2, EPSS 0.00552
Exploits: 0, Affected software: 1

Friends Of PHP

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

CVSS 9.8, AI score 9.3, EPSS 0.26172
Exploits: 7, Affected software: 1

Friends Of PHP

Insecure Random Number Generator

Insecure RNG: https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181
Insecure RNG fallback: https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L5...

AI score 7.1
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language

Impact: Request parameters injected inside an expression evaluated by the symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

CVSS 8.8, AI score 8.9, EPSS 0.01914
Exploits: 1, Affected software: 1

Friends Of PHP

CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language

Impact: Request parameters injected inside an expression evaluated by the symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

CVSS 9.6, AI score 9.3, EPSS 0.02149
Exploits: 1, Affected software: 1

Friends Of PHP

Deserialization Gadget chain in Swift Mailer

Summary: Symfony 1 has a gadget chain due to a vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserializes user input in their project. Details: This vulnerability presents no direct threat but is a vector that will enable remote code executio...

CVSS 9, AI score 5.7, EPSS 0.01485
Exploits: 1, Affected software: 1

Friends Of PHP

CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure

Impact: ResourceBundle accepts and uses any serialisation groups passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group; for example, it could make the Shop API use a more permissive group from the Admin API. Anyone exposing an API with ResourceBundle's...

CVSS 5.3, AI score 4.9, EPSS 0.00737
Exploits: 0, Affected software: 1

Friends Of PHP

PHP Code Injection

phpWhois PHP Code Injection
Vulnerability Overview
phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

CVSS 9.8, AI score 9.7, EPSS 0.06195
Exploits: 1, Affected software: 1

Friends Of PHP

Signature validation bypass

More info at https://simplesamlphp.org/security/201710-01...

AI score 7.2
Exploits: 0, Affected software: 1

Friends Of PHP

Authentication bypass via attacker provided openid server

Impact: The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches: This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

AI score 6.9
Exploits: 0, Affected software: 1

Friends Of PHP

Information disclosure

More info at https://simplesamlphp.org/security/201911-02...

AI score 7.2
Exploits: 0, Affected software: 1

Friends Of PHP

Reflected Cross-Site-Scripting

More info at https://simplesamlphp.org/security/201907-01...

AI score 7.2
Exploits: 0, Affected software: 1

Friends Of PHP

Laravel CRLF injection in default email rule

Summary: A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

AI score 5.2, EPSS 0.00048
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

More info at https://symfony.com/cve-2026-45064...

AI score 5.8, EPSS 0.00069
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

More info at https://symfony.com/cve-2026-45066...

AI score 5.8, EPSS 0.00048
Exploits: 0, Affected software: 1

Friends Of PHP

Prevent installation typosquatting malware

More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...

AI score 7.2
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2019-10910: Check service IDs are valid

More info at https://symfony.com/cve-2019-10910...

CVSS 9.8, AI score 7.2, EPSS 0.05491
Exploits: 1, Affected software: 1

Friends Of PHP

CVE-2020-15245: Ability to switch customer email address on account detail page and stay verified

Impact: The user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any...

CVSS 4.3, AI score 4.4, EPSS 0.0062
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances

More info at https://symfony.com/cve-2019-18889...

CVSS 9.8, AI score 7.2, EPSS 0.33247
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

CVSS 7.1, AI score 7.2, EPSS 0.02302
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

More info at https://symfony.com/cve-2026-48760...

AI score 5.8, EPSS 0.00025
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)

More info at https://symfony.com/cve-2026-45753...

AI score 5.8, EPSS 0.00082
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

CVSS 8.1, AI score 7.2, EPSS 0.01338
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

AI score 5.8, EPSS 0.00051
Exploits: 0, Affected software: 1

Friends Of PHP

SS-2018-015: Vulnerable dependency

More info at https://www.silverstripe.org/download/security-releases/ss-2018-015/...

AI score 7.2
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2023-48714: Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-48714...

CVSS 4.3, AI score 7.2, EPSS 0.00355
Exploits: 0, Affected software: 1

Friends Of PHP

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...

CVSS 3.1, AI score 6.6, EPSS 0.00318
Exploits: 0, Affected software: 1

Friends Of PHP

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

More info at https://www.drupal.org/sa-core-2020-013...

AI score 7.2
Exploits: 0, Affected software: 1

Friends Of PHP

Cross site scripting via HTML attributes in the back end

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html...

CVSS 4.8, AI score 7.2, EPSS 0.00557
Exploits: 0, Affected software: 1

Friends Of PHP

PHP file inclusion via insert tags

More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...

CVSS 7.2, AI score 7.2, EPSS 0.01254
Exploits: 0, Affected software: 1

Friends Of PHP

Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001

More info at https://www.drupal.org/sa-core-2020-001...

AI score 7.2
Exploits: 0, Affected software: 1

Total number of security vulnerabilities: 1697