Search CVE reports


Toggle filters

121 – 130 of 43937 results

Status is adjusted based on your filters.


CVE-2026-45304

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45133

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45075

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] attributes can be configured...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45073

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear() builds a DELETE statement using a namespace derived from the...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45072

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler file_excerpt Twig filter escapes PHP files...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45070

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45069

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issuer (iss), and expiry (exp)...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45064

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlSanitizer::parse() passes Unicode explicit-direction BiDi...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45063

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $_SERVER['SSL_CLIENT_S_DN'] with an...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-15712

Medium priority
Needs evaluation

A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional...

1 affected package

libsoup3

Package 22.04 LTS
libsoup3 Needs evaluation
Show less packages