Privilege escalation with the form generator

More info at https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html...

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

More info at https://www.drupal.org/sa-core-2021-005...

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

More info at https://www.drupal.org/sa-core-2021-005...

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

XSS vulnerability on contacts view

Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...

XSS vulnerability on password reset page

Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

XSS vulnerability on asset view

Impact Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...

Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...

Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

CVE-2019-12205: Clipboard Reflected XSS

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12205/...

Filter input to avoid XPath injection

Filter input for its use in XPath expressions In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white...

Code injection vulnerability in allSelectors()

More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

Vulnerability to bypass two-factor authentication with remember-me option

Bundle version: 4.10.0 Symfony version: 3.4.31 Description Bypass 2fa by rememberme cookie To Reproduce We have a login form with rememberme checkbox functionality, When using the checkbox, symfony creates a cookie "REMEMBERME". That moment we get redirected to the 2fa-auth page. We have no acces...

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

Unauthenticated crypto and weak IV in Magento\Framework\Encryption

More info at http://www.openwall.com/lists/oss-security/2016/07/19/3...

Secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6027...

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

Use token when logging out

More info at https://phabricator.wikimedia.org/T25227...

Tabnabbing when opening URI with menu "Open URI in a new tab"

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

Stored XSS in tags autocomplete dropdown

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

Stored XSS on first/last name during setup

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

TOTP throttle not enforced cross-wiki

More info at https://phabricator.wikimedia.org/T251661...

Use of a Broken or Risky Cryptographic Algorithm

✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...

XSS in various backend modules

More info at https://www.neos.io/blog/xss-in-various-backend-modules.html...

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

Laravel CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

More info at https://symfony.com/cve-2026-45067...

CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

More info at https://symfony.com/cve-2026-45070...