Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Contextual Links validation - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.70 views

Class-Name Injection

Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...

8.1CVSS8AI score0.01469EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.23 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

CVE-2018-14773: Remove support for legacy and risky HTTP headers

More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...

6.5CVSS7.2AI score0.58061EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.31 views

CVE-2019-10909: Escape validation messages in the PHP templating engine

More info at https://symfony.com/cve-2019-10909...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

CVE-2019-10910: Check service IDs are valid

More info at https://symfony.com/cve-2019-10910...

9.8CVSS7.2AI score0.0595EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.25 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.30 views

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

8.1CVSS7.2AI score0.01338EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.40 views

CVE-2019-10913: Reject invalid HTTP method overrides

More info at https://symfony.com/cve-2019-10913...

9.8CVSS7.2AI score0.01854EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.35 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

5.3CVSS7.2AI score0.01552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances

More info at https://symfony.com/cve-2019-18889...

9.8CVSS7.2AI score0.33247EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.12 views

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2024-50342...

4.3CVSS6.6AI score0.00481EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.18 views

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...

3.1CVSS6.6AI score0.00318EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.16 views

CVE-2024-50345: Open redirect via browser-sanitized URLs

More info at https://symfony.com/cve-2024-50345...

6.1CVSS6.6AI score0.00565EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.37 views

CVE-2023-46733: Potential XSS in WebhookController

More info at https://symfony.com/cve-2023-46733...

6.5CVSS7.2AI score0.00689EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.31 views

CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters

More info at https://symfony.com/cve-2023-46734...

6.1CVSS7.2AI score0.00682EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.20 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

More info at https://symfony.com/cve-2026-45069...

5.8AI score0.0005EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.29 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

More info at https://symfony.com/cve-2026-45070...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

More info at https://symfony.com/cve-2026-45071...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass

More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...

7.3CVSS6.6AI score0.01344EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Cross-Site Scripting

I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...

4.3CVSS5.8AI score0.012EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

SS-2018-015: Vulnerable dependency

More info at https://www.silverstripe.org/download/security-releases/ss-2018-015/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

More info at https://symfony.com/cve-2026-48784...

5.8AI score0.00026EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.31 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.64 views

Cross-Site Scripting

I've picked up on the work started over at https://github.com/erusev/parsedown/pull/276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggest...

6.1CVSS5.9AI score0.012EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.32 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

6.1CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.11 views

External URL injection through URL aliases - Moderately Critical - Open Redirect

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.20 views

CVE-2024-50343: Incorrect response from Validator when input ends with ` `

More info at https://symfony.com/cve-2024-50343...

3.1CVSS6.6AI score0.00465EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.33 views

CVE-2024-50340: Ability to change environment from query

More info at https://symfony.com/cve-2024-50340...

7.3CVSS6.6AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

CVE-2024-50340: Ability to change environment from query

More info at https://symfony.com/cve-2024-50340...

7.3CVSS6.6AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.32 views

Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-004...

9.8CVSS7.2AI score0.99236EPSS
Exploits14Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

More info at https://symfony.com/cve-2026-46626...

7.3CVSS5.8AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

Moderately critical - Cross Site Scripting - SA-CORE-2019-004

More info at https://www.drupal.org/SA-CORE-2019-004...

5.4CVSS7.2AI score0.12408EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.8 views

CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

More info at https://symfony.com/cve-2026-45069...

5.8AI score0.0005EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.11 views

CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

More info at https://symfony.com/cve-2026-45065...

5.8AI score0.0004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Drupal core - Moderately critical - Denial of Service

More info at https://www.drupal.org/sa-core-2024-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.31 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

More info at https://www.drupal.org/sa-core-2020-009...

6.1CVSS7.2AI score0.00681EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

More info at https://symfony.com/cve-2026-45065...

5.8AI score0.0004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.33 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Reflected Cross-Site-Scripting

More info at https://simplesamlphp.org/security/201907-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.12 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

More info at https://www.drupal.org/sa-core-2020-013...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.12 views

External URL injection through URL aliases - Moderately Critical - Open Redirect

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.30 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.11 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

More info at https://www.drupal.org/sa-core-2021-005...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.12 views

CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

More info at https://symfony.com/cve-2026-45305...

5.8AI score0.00076EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.32 views

CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

More info at https://symfony.com/cve-2026-46626...

7.3CVSS5.8AI score0.63422EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702