Vulmon
zend vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allows a remote malicious user to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was ...
Zend Zend Framework
6.5
CVSSv3
CVE-2022-4397
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to laun...
Zend-blog-2 Project Zend-blog-2 -
9.8
CVSSv3
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported ...
6.1
CVSSv3
CVE-2021-27888
ZendTo prior to 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
Zend Zendto
Zend Zendto 6.06-1
Zend Zendto 6.06-2
Zend Zendto 6.06-3
9.8
CVSSv3
CVE-2021-3007
Laminas Project laminas-http prior to 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Fra...
Getlaminas Laminas-http
Zend Zend Framework 3.0.0
4 Github repositories
9.8
CVSSv3
CVE-2020-8986
lib/NSSDropbox.php in ZendTo before 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing a malicious user to gain administrative access with a large number of requests.
Zend Zendto 3.10
Zend Zendto 3.11
Zend Zendto 3.12
Zend Zendto 3.13
Zend Zendto 3.20
Zend Zendto 3.51
Zend Zendto 3.52
Zend Zendto 3.53
Zend Zendto 3.54
Zend Zendto 3.55
Zend Zendto 3.56-2
Zend Zendto 3.57
Zend Zendto 3.58
Zend Zendto 3.59
Zend Zendto 3.60
Zend Zendto 3.61
Zend Zendto 3.62
Zend Zendto 3.63
Zend Zendto 3.64
Zend Zendto 3.65
Zend Zendto 3.70-2
Zend Zendto 3.71
7.5
CVSSv3
CVE-2020-8984
lib/NSSDropbox.php in ZendTo before 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
Zend Zendto 3.10
Zend Zendto 3.11
Zend Zendto 3.12
Zend Zendto 3.13
Zend Zendto 3.20
Zend Zendto 3.51
Zend Zendto 3.52
Zend Zendto 3.53
Zend Zendto 3.54
Zend Zendto 3.55
Zend Zendto 3.56-2
Zend Zendto 3.57
Zend Zendto 3.58
Zend Zendto 3.59
Zend Zendto 3.60
Zend Zendto 3.61
Zend Zendto 3.62
Zend Zendto 3.63
Zend Zendto 3.64
Zend Zendto 3.65
Zend Zendto 3.70-2
Zend Zendto 3.71
8.8
CVSSv3
CVE-2020-8985
ZendTo before 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
Zend Zendto 3.10
Zend Zendto 3.11
Zend Zendto 3.12
Zend Zendto 3.13
Zend Zendto 3.20
Zend Zendto 3.51
Zend Zendto 3.52
Zend Zendto 3.53
Zend Zendto 3.54
Zend Zendto 3.55
Zend Zendto 3.56-2
Zend Zendto 3.57
Zend Zendto 3.58
Zend Zendto 3.59
Zend Zendto 3.60
Zend Zendto 3.61
Zend Zendto 3.62
Zend Zendto 3.63
Zend Zendto 3.64
Zend Zendto 3.65
Zend Zendto 3.70-2
Zend Zendto 3.71
9.8
CVSSv3
CVE-2014-8089
SQL injection vulnerability in Zend Framework prior to 1.12.9, 2.2.x prior to 2.2.8, and 2.3.x prior to 2.3.3, when using the sqlsrv PHP extension, allows remote malicious users to execute arbitrary SQL commands via a null byte.
Zend Zend Framework
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 21
9.8
CVSSv3
CVE-2014-2052
Zend Framework, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Owncloud Owncloud