Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
symfony vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2013-4751
php-symfony2-Validator has loss of information during serialization
Sensiolabs Symfony
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 19
Fedoraproject Fedora 18
7.5
CVSSv2
CVE-2022-23614
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to co...
Symfony Twig
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 11.0
2 Github repositories
4
CVSSv2
CVE-2018-14773
An issue exists in Http Foundation in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. It arises from support for ...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Drupal Drupal
1 Github repository
6.8
CVSSv2
CVE-2018-11385
An issue exists in the Security component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an malicious user to i...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
NA
CVE-2022-39261
Twig is a template language for PHP. Versions 1.x before 1.44.7, 2.x before 2.15.3, and 3.x before 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary f...
Symfony Twig
Drupal Drupal
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
4.3
CVSSv2
CVE-2017-1665
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 133559.
Ibm Security Key Lifecycle Manager 2.5.0.2
Ibm Security Key Lifecycle Manager 2.5.0.3
Ibm Security Key Lifecycle Manager 2.5.0.4
Ibm Security Key Lifecycle Manager 2.5.0.5
Ibm Security Key Lifecycle Manager 2.6.0.1
Ibm Security Key Lifecycle Manager 2.6.0.2
Ibm Security Key Lifecycle Manager 2.6.0.3
Ibm Security Key Lifecycle Manager 2.7.0
Ibm Security Key Lifecycle Manager 2.5.0.0
Ibm Security Key Lifecycle Manager 2.5.0.7
Ibm Security Key Lifecycle Manager 2.6.0
Ibm Security Key Lifecycle Manager 2.7.0.1
Ibm Security Key Lifecycle Manager 2.5.0
Ibm Security Key Lifecycle Manager 2.5.0.1
Ibm Security Key Lifecycle Manager 2.5.0.6
Ibm Security Key Lifecycle Manager 2.5.0.8
Ibm Security Key Lifecycle Manager 2.7.0.2
Debian Debian Linux 9.0
NA
CVE-2024-28861
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an ma...
NA
CVE-2023-39343
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version ...
Sulu Sulu
NA
CVE-2024-27917
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which con...
NA
CVE-2024-27915
Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have th...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »