1702 matches found
HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
More info at https://symfony.com/cve-2026-46637...
Denial of Service via HTTP/2 CONTINUATION Frames
Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...
Denial of Service via HTTP/2 CONTINUATION Frames
amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...
Code injection vulnerability in allSelectors()
More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...
Filter input to avoid XPath injection
Filter input for its use in XPath expressions In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white...
Moderately critical - Cross Site Scripting
More info at https://www.drupal.org/sa-core-2018-003...
Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
More info at https://www.drupal.org/sa-core-2019-005...
Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005
More info at https://www.drupal.org/sa-core-2019-005...
Critical - Arbitrary PHP code execution
More info at https://www.drupal.org/sa-core-2019-002...
XSS in various backend modules
More info at https://www.neos.io/blog/xss-in-various-backend-modules.html...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
Password reset phishing vulnerability
More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
More info at https://www.drupal.org/sa-core-2020-002...
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
More info at https://www.drupal.org/sa-core-2020-006...
Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
More info at https://www.drupal.org/sa-core-2020-004...
Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
More info at https://www.drupal.org/sa-core-2020-009...
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
More info at https://www.drupal.org/sa-core-2020-010...
Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company
More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...
Laravel CRLF injection in default email rule
Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...
SQL Server LIMIT / OFFSET SQL Injection
Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...
Use of a Broken or Risky Cryptographic Algorithm
✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...
Password reset phishing vulnerability
More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...
TOTP throttle not enforced cross-wiki
More info at https://phabricator.wikimedia.org/T251661...
Stored XSS on first/last name during setup
More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...
Stored XSS in tags autocomplete dropdown
More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...
Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP
Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
More info at http://www.openwall.com/lists/oss-security/2016/07/19/3...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
Tabnabbing when opening URI with menu "Open URI in a new tab"
More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
More info at https://www.drupal.org/sa-core-2019-009...
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
More info at https://www.drupal.org/sa-core-2019-009...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
More info at https://www.drupal.org/sa-core-2019-010...
SQL injection vulnerabililty in the file manager search filter
More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...
Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
More info at https://www.drupal.org/sa-core-2019-011...
Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
More info at https://www.drupal.org/sa-core-2019-011...
Information disclosure in the back end
More info at https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html...
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
More info at https://www.drupal.org/sa-core-2019-012...
Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
More info at https://www.drupal.org/sa-core-2020-001...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
More info at https://www.drupal.org/sa-core-2019-010...
PHPMemcachedAdmin Path Traversal vulnerability
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6026...
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6027...
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
More info at https://www.drupal.org/sa-core-2019-012...
Unrestricted file uploads
More info at https://contao.org/en/security-advisories/unrestricted-file-uploads.html...
Exploit of encryption failure vulnerability
More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...
Laravel CRLF injection in default email rule
Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...