Search CVE reports
101 – 110 of 30756 results
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-supplied _failure_path...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used because...
1 affected package
puma
| Package | 26.04 LTS |
|---|---|
| puma | Needs evaluation |
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, when PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer while waiting for CRLF to determine whether a...
1 affected package
puma
| Package | 26.04 LTS |
|---|---|
| puma | Needs evaluation |
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. In 3.4.4, DOMPurify allowed selectedcontent by default, allowing browsers to re-clone an XSS payload after sanitization so that unsanitized markup...
2 affected packages
dompurify.js, node-dompurify
| Package | 26.04 LTS |
|---|---|
| dompurify.js | Not in release |
| node-dompurify | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook secret but ignored the...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true before loadXML(),...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | Needs evaluation |
A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window...
1 affected package
libsoup3
| Package | 26.04 LTS |
|---|---|
| libsoup3 | Needs evaluation |
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 ยง5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE)...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | Needs evaluation |