Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
FriendsofphpRecent
RecentMost viewed

1697 matches found

Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.7 views

Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators

More info at https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.11 views

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2024-50342...

4.3CVSS6.6AI score0.00481EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.35 views

CVE-2023-46733: Potential XSS in WebhookController

More info at https://symfony.com/cve-2023-46733...

6.5CVSS7.2AI score0.00689EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.30 views

CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters

More info at https://symfony.com/cve-2023-46734...

6.1CVSS7.2AI score0.00682EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.12 views

Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

More info at https://symfony.com/cve-2026-47732...

5.8AI score0.00044EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.6 views

Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

More info at https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.31 views

CVE-2024-50340: Ability to change environment from query

More info at https://symfony.com/cve-2024-50340...

7.3CVSS6.6AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.7 views

Sandbox `__toString()` policy bypass via dynamic mapping keys

More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.5 views

Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders

More info at https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.14 views

`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

More info at https://symfony.com/cve-2026-46638...

8.6CVSS5.8AI score0.00826EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.19 views

CVE-2024-50343: Incorrect response from Validator when input ends with ` `

More info at https://symfony.com/cve-2024-50343...

3.1CVSS6.6AI score0.00465EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.7 views

Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

More info at https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.14 views

CVE-2024-50345: Open redirect via browser-sanitized URLs

More info at https://symfony.com/cve-2024-50345...

6.1CVSS6.6AI score0.00565EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.38 views

CVE-2024-51736: Command execution hijack on Windows with Process class

More info at https://symfony.com/cve-2024-51736...

9.8CVSS6.8AI score0.0043EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

PHP code injection via `{% use %}` template name

More info at https://symfony.com/cve-2026-46633...

5.8AI score0.00357EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.3 views

The `spaceless` filter implicitly marks its output as safe

More info at https://symfony.com/cve-2026-46628...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

Sandbox property allowlist bypass via the `column` filter (array_column on objects)

More info at https://symfony.com/cve-2026-46635...

5.8AI score0.00047EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.34 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

5.3CVSS7.2AI score0.01552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)

More info at https://symfony.com/cve-2026-45753...

5.8AI score0.00082EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.5 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

5.8AI score0.00103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.11 views

CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

More info at https://symfony.com/cve-2026-48489...

5.8AI score0.00058EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.23 views

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

5.8AI score0.00029EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.10 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

5.8AI score0.00051EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45755...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

CVE-2026-45756: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS

More info at https://symfony.com/cve-2026-45756...

5.8AI score0.00082EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.26 views

CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

More info at https://symfony.com/cve-2026-46626...

7.3CVSS5.8AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.13 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

5.8AI score0.00018EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.6 views

CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

More info at https://symfony.com/cve-2026-48760...

5.8AI score0.00025EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.5 views

CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

More info at https://symfony.com/cve-2026-48784...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.22 views

Insecure Random Number Generator

Insecure RNG: stormpath-sdk-php/src/Util/UUID.php Lines 167 to 181 in 15aee30 / Generate an UUID version 4 pseudo random / static private function generateRandom$ns, $node $uuid = self::$muuidfield; $uuid'timehi' = 4 12 | mtrand0, 0x1000; $uuid'clockseqhi' = 1 7 | mtrand0, 128; $uuid'timelow' =...

0.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.5 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.30 views

CVE-2023-46733: Possible session fixation

More info at https://symfony.com/cve-2023-46733...

6.5CVSS7.2AI score0.00689EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.3 views

CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator

More info at https://symfony.com/cve-2026-45063...

5.8AI score0.00069EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.3 views

CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

More info at https://symfony.com/cve-2026-45069...

5.8AI score0.0005EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.5 views

CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

More info at https://symfony.com/cve-2026-45074...

5.8AI score0.00064EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.20 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.3 views

CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering

More info at https://symfony.com/cve-2026-45072...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.11 views

CVE-2024-50343: Incorrect response from Validator when input ends with ` `

More info at https://symfony.com/cve-2024-50343...

3.1CVSS6.6AI score0.00465EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.3 views

CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings

More info at https://symfony.com/cve-2026-45133...

5.8AI score0.00089EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.4 views

CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

More info at https://symfony.com/cve-2026-45304...

5.8AI score0.00076EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.7 views

CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

More info at https://symfony.com/cve-2026-45305...

5.8AI score0.00076EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.27 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

More info at https://www.drupal.org/sa-core-2020-009...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.6 views

CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

More info at https://symfony.com/cve-2026-45065...

5.8AI score0.0004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.22 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.21 views

Drupal core - Less critical - Access bypass - SA-CORE-2020-006

More info at https://www.drupal.org/sa-core-2020-006...

9.8CVSS7.2AI score0.01275EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.29 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

6.1CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.25 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.22 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 1970/01/01 12:0 a.m.23 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1697