Search CVE reports


Toggle filters

121 – 130 of 42760 results

Status is adjusted based on your filters.


CVE-2026-45754

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45753

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes() omits URL-valued...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45305

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup() used regular expressions with overlapping...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45304

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45133

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45075

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] attributes can be configured...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45073

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear() builds a DELETE statement using a namespace derived from the...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45072

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler file_excerpt Twig filter escapes PHP files...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45070

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45069

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issuer (iss), and expiry (exp)...

1 affected package

symfony

Package 20.04 LTS
symfony Needs evaluation
Show less packages