1702 matches found
CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45755...
CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
More info at https://symfony.com/cve-2026-45074...
CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
More info at https://symfony.com/cve-2024-51996...
CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
More info at https://symfony.com/cve-2026-45063...
CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
More info at https://symfony.com/cve-2026-48489...
CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
More info at https://symfony.com/cve-2026-45064...
CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
More info at https://symfony.com/cve-2026-45066...
CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
More info at https://symfony.com/cve-2019-18888...
Sandbox property allowlist bypass via the `column` filter (array_column on objects)
More info at https://symfony.com/cve-2026-46635...
`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
More info at https://symfony.com/cve-2026-46638...
CVE-2019-18887: Use constant time comparison in UriSigner
More info at https://symfony.com/cve-2019-18887...
Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders
More info at https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders...
CVE-2026-45756: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS
More info at https://symfony.com/cve-2026-45756...
CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45754...
CVE-2019-10911: Add a separator in the remember me cookie hash
More info at https://symfony.com/cve-2019-10911...
CVE-2019-18886: Prevent user enumeration using switch user functionality
More info at https://symfony.com/cve-2019-18886...
CVE-2023-46733: Possible session fixation
More info at https://symfony.com/cve-2023-46733...
CVE-2019-10913: Reject invalid HTTP method overrides
More info at https://symfony.com/cve-2019-10913...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
Remote Code Execution via Chosen-Ciphertext Attack
https://github.com/titon/framework/blob/cbf44729173d3a83b91a2b0a217c6b3827512e44/src/Titon/Crypto/OpenSslCipher.hhL30-L39 You aren't authenticating your ciphertexts, and then you're passing the decrypted result to unserialize. See also:...
CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure
Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...
Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments
More info at https://symfony.com/cve-2026-46629...
CVE-2020-15245: Ability to switch customer email address on account detail page and stay verified
Impact The user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
Information disclosure
More info at https://simplesamlphp.org/security/201911-02...
Insecure Random Number Generator
Insecure RNG: https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.phpL167-L181 Insecure RNG fallback: https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.phpL48-L5...
Authentication bypass via attacker provided openid server
Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
Signature validation bypass
More info at https://simplesamlphp.org/security/201710-01...
CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-48714...
CVE-2019-12205: Clipboard Reflected XSS
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12205/...
Vulnerability to bypass two-factor authentication with remember-me option
Bundle version: 4.10.0 Symfony version: 3.4.31 Description Bypass 2fa by rememberme cookie To Reproduce We have a login form with rememberme checkbox functionality, When using the checkbox, symfony creates a cookie "REMEMBERME". That moment we get redirected to the 2fa-auth page. We have no acces...
CVE-2019-12186: XSS injection in the Grid component
More info at https://sylius.com/blog/cve-2019-12186/...
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
More info at https://symfony.com/cve-2026-46637...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
More info at https://symfony.com/cve-2026-46637...
Denial of Service via HTTP/2 CONTINUATION Frames
Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...
Denial of Service via HTTP/2 CONTINUATION Frames
amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...
Filter input to avoid XPath injection
Filter input for its use in XPath expressions In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white...
Moderately critical - Cross Site Scripting
More info at https://www.drupal.org/sa-core-2018-003...
Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
More info at https://www.drupal.org/sa-core-2019-005...
Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
More info at https://www.drupal.org/sa-core-2019-005...
Critical - Arbitrary PHP code execution
More info at https://www.drupal.org/sa-core-2019-002...
XSS in various backend modules
More info at https://www.neos.io/blog/xss-in-various-backend-modules.html...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
Password reset phishing vulnerability
More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...