1697 matches found

Friends Of PHP
added 1970/01/01 12:0 a.m., 21 views

Cross-site scripting (XSS) vulnerability in the system log

More info at https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html...

CVSS 6.1, AI score 7.2, EPSS 0.0074
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 32 views

Cross-site scripting (XSS) vulnerability in the system log

More info at https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html...

CVSS 6.1, AI score 7.2, EPSS 0.0074
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 20 views

Privilege escalation with the form generator

More info at https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html...

CVSS 8, AI score 7.2, EPSS 0.01023
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 24 views

Privilege escalation with the form generator

More info at https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html...

CVSS 8, AI score 7.2, EPSS 0.01023
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 12 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability. Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

CVSS 9.8, AI score 9.7, EPSS 0.06195
Exploits 1, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 18 views

SQL injection vulnerability in the file manager search filter

More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...

CVSS 9.8, AI score 7.2, EPSS 0.01462
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 26 views

Information disclosure in the back end

More info at https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html...

CVSS 5.3, AI score 7.2, EPSS 0.0088
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 40 views

Information disclosure in the back end

More info at https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html...

CVSS 5.3, AI score 7.2, EPSS 0.0088
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 24 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

CVSS 9.8, AI score 7.2, EPSS 0.01048
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 39 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

CVSS 9.8, AI score 7.2, EPSS 0.01048
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 40 views

SQL injection vulnerability in the file manager search filter

More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...

CVSS 9.8, AI score 7.2, EPSS 0.01462
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 21 views

Cross site scripting via HTML attributes in the back end

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html...

CVSS 4.8, AI score 7.2, EPSS 0.00557
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 33 views

Cross site scripting via HTML attributes in the back end

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html...

CVSS 4.8, AI score 7.2, EPSS 0.00557
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 9 views

Padding Oracle Vulnerability in RSA Encryption

See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability...

AI score 7.1
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 23 views

Class-Name Injection

Tested on 1.8.0-beta-5. In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...

CVSS 8.1, AI score 8, EPSS 0.01469
Exploits 1, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 5 views

HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

More info at https://symfony.com/cve-2026-46637...

AI score 5.8, EPSS 0.0006
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 9 views

CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering

More info at https://symfony.com/cve-2026-45072...

AI score 5.8, EPSS 0.00062
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 5 views

CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

More info at https://symfony.com/cve-2026-48784...

AI score 5.8, EPSS 0.00026
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 24 views

Moderately critical - Cross Site Scripting

More info at https://www.drupal.org/sa-core-2018-003...

CVSS 6.1, AI score 9.7, EPSS 0.0178
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 26 views

Moderately critical - Cross Site Scripting

More info at https://www.drupal.org/sa-core-2018-003...

CVSS 6.1, AI score 9.7, EPSS 0.0178
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 8 views

CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

More info at https://symfony.com/cve-2026-45064...

AI score 5.8, EPSS 0.00069
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 31 views

Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-004...

CVSS 9.8, AI score 7.2, EPSS 0.99069
Exploits 14, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 29 views

Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-004...

CVSS 9.8, AI score 7.2, EPSS 0.99069
Exploits 14, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 6 views

CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings

More info at https://symfony.com/cve-2026-45133...

AI score 5.8, EPSS 0.00089
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 18 views

Prevent installation typosquatting malware

More info at https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/...

AI score 0.2
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 4 views

CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

More info at https://symfony.com/cve-2026-45068...

AI score 5.8, EPSS 0.00062
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 13 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

AI score 5.8, EPSS 0.00018
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 10 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

AI score 5.8, EPSS 0.00051
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 6 views

CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

More info at https://symfony.com/cve-2026-45070...

AI score 5.8, EPSS 0.00056
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 6 views

CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

More info at https://symfony.com/cve-2026-48760...

AI score 5.8, EPSS 0.00025
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 5 views

CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

More info at https://symfony.com/cve-2026-45074...

AI score 5.8, EPSS 0.00064
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 7 views

Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

More info at https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface...

AI score 5.8
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 4 views

CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45755...

AI score 5.8, EPSS 0.00026
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 31 views

CVE-2024-50340: Ability to change environment from query

More info at https://symfony.com/cve-2024-50340...

CVSS 7.3, AI score 6.6, EPSS 0.63422
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 11 views

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2024-50342...

CVSS 4.3, AI score 6.6, EPSS 0.00481
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 38 views

CVE-2024-51736: Command execution hijack on Windows with Process class

More info at https://symfony.com/cve-2024-51736...

CVSS 9.8, AI score 6.8, EPSS 0.0043
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 26 views

CVE-2024-50340: Ability to change environment from query

More info at https://symfony.com/cve-2024-50340...

CVSS 7.3, AI score 6.6, EPSS 0.63422
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 15 views

CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

More info at https://symfony.com/cve-2026-46626...

CVSS 7.3, AI score 5.8, EPSS 0.63422
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 35 views

CVE-2023-46733: Potential XSS in WebhookController

More info at https://symfony.com/cve-2023-46733...

CVSS 6.5, AI score 7.2, EPSS 0.00689
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 30 views

CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters

More info at https://symfony.com/cve-2023-46734...

CVSS 6.1, AI score 7.2, EPSS 0.00682
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 7 views

CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

More info at https://symfony.com/cve-2026-45064...

AI score 5.8, EPSS 0.00069
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 9 views

CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

More info at https://symfony.com/cve-2026-45066...

AI score 5.8, EPSS 0.00048
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 19 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

CVSS 6.1, AI score 7.2, EPSS 0.00633
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 28 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

CVSS 6.1, AI score 7.2, EPSS 0.02925
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 24 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

CVSS 6.1, AI score 7.2, EPSS 0.00633
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 27 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

CVSS 6.1, AI score 7.2, EPSS 0.02925
Exploits 0, Affected Software 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 23 views

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...

AI score 5.8, EPSS 0.00029
Exploits 0, Affected Software 1

Total number of security vulnerabilities: 1697