Vulmon
zend vulnerabilities and exploits
6.1
CVSSv3
CVE-2015-3154
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework prior to 1.12.12, 2.x prior to 2.3.8, and 2.4.x prior to 2.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an...
Zend Zend Framework
6.1
CVSSv3
CVE-2012-4451
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x prior to 2.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) V...
Zend Zend Framework
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
6.1
CVSSv3
CVE-2014-4913
ZF2014-03 has a potential cross-site scripting vector in multiple view helpers.
Zend Zend Framework
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x prior to 1.10.9 and 1.11.x prior to 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP prior to 5.3.6.
Zend Zend Framework
Php Php
Debian Debian Linux 8.0
1 EDB exploit
9.8
CVSSv3
CVE-2015-0270
Zend Framework prior to 2.2.10 and 2.3.x prior to 2.3.5 has a potential SQL injection in the PostgreSQL Zend\Db adapter.
Zend Framework
6.1
CVSSv3
CVE-2018-1000841
Zend.To version before 5.15-1 contains a cross-site scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via HTTP POST request...
Zend Zendto
6.1
CVSSv3
CVE-2018-10230
Zend Debugger in Zend Server prior to 9.1.3 has XSS, aka ZSR-2455.
Zend Zend Server
9.8
CVSSv3
CVE-2014-4914
The Zend_Db_Select::order function in Zend Framework prior to 1.12.7 does not properly handle parentheses, which allows remote malicious users to conduct SQL injection attacks via unspecified vectors.
Zend Zend Framework
Debian Debian Linux 7.0
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2015-7503
Zend Framework prior to 2.4.9, zend-framework/zend-crypt 2.4.x prior to 2.4.9, and 2.5.x prior to 2.5.2 allows remote malicious users to recover the RSA private key.
Zend Zend Framework 2.4.4
Zend Zend Framework 2.4.3
Zend Zend Framework 2.4.2
Zend Zend Framework 2.4.1
Zend Zend Framework 2.5.1
Zend Zend Framework 2.5.0
Zend Zend Framework 2.4.7
Zend Zend Framework 2.4.5
Zend Zend Framework 2.4.0
Zend Zend Framework 2.4.8
Zend Zend Framework 2.4.6
6.1
CVSSv3
CVE-2015-3257
Zend/Diactoros/Uri::filterPath in zend-diactoros prior to 1.0.4 does not properly sanitize path input, which allows remote malicious users to perform cross-site scripting (XSS) or open redirect attacks.
Zend Diactoros