Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zend vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-3154
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework prior to 1.12.12, 2.x prior to 2.3.8, and 2.4.x prior to 2.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an...
Zend Zend Framework
383
VMScore
CVE-2012-4451
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x prior to 2.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) V...
Zend Zend Framework
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
383
VMScore
CVE-2014-4913
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
Zend Zend Framework
Debian Debian Linux 8.0
755
VMScore
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x prior to 1.10.9 and 1.11.x prior to 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP prior to 5.3.6.
Zend Zend Framework
Php Php
Debian Debian Linux 8.0
1 EDB exploit
668
VMScore
CVE-2015-0270
Zend Framework prior to 2.2.10 and 2.3.x prior to 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
Zend Framework
383
VMScore
CVE-2018-1000841
Zend.To version before 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request...
Zend Zendto
383
VMScore
CVE-2018-10230
Zend Debugger in Zend Server prior to 9.1.3 has XSS, aka ZSR-2455.
Zend Zend Server
668
VMScore
CVE-2014-4914
The Zend_Db_Select::order function in Zend Framework prior to 1.12.7 does not properly handle parentheses, which allows remote malicious users to conduct SQL injection attacks via unspecified vectors.
Zend Zend Framework
Debian Debian Linux 7.0
Debian Debian Linux 8.0
445
VMScore
CVE-2015-7503
Zend Framework prior to 2.4.9, zend-framework/zend-crypt 2.4.x prior to 2.4.9, and 2.5.x prior to 2.5.2 allows remote malicious users to recover the RSA private key.
Zend Zend Framework 2.4.4
Zend Zend Framework 2.4.3
Zend Zend Framework 2.4.2
Zend Zend Framework 2.4.1
Zend Zend Framework 2.5.1
Zend Zend Framework 2.5.0
Zend Zend Framework 2.4.7
Zend Zend Framework 2.4.5
Zend Zend Framework 2.4.0
Zend Zend Framework 2.4.8
Zend Zend Framework 2.4.6
383
VMScore
CVE-2015-3257
Zend/Diactoros/Uri::filterPath in zend-diactoros prior to 1.0.4 does not properly sanitize path input, which allows remote malicious users to perform cross-site scripting (XSS) or open redirect attacks.
Zend Diactoros
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »