Search CVE reports


Toggle filters

111 – 120 of 30756 results

Status is adjusted based on your filters.


CVE-2026-15709

Medium priority
Needs evaluation

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS
libsoup2.4 Needs evaluation
libsoup3 Needs evaluation
Show less packages

CVE-2026-47767

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsing on empty($_GET), but...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-47304

Medium priority
Vulnerable

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Not in release
dotnet9 Not in release
dotnet10 Vulnerable
Show less packages

CVE-2026-47303

Medium priority
Vulnerable

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Not in release
dotnet9 Not in release
dotnet10 Vulnerable
Show less packages

CVE-2026-47302

Medium priority
Vulnerable

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Not in release
dotnet9 Not in release
dotnet10 Vulnerable
Show less packages

CVE-2026-47300

Medium priority
Vulnerable

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Not in release
dotnet9 Not in release
dotnet10 Vulnerable
Show less packages

CVE-2026-45755

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse() received the configured webhook secret but ignored the X-Mt-Signature...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45754

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45753

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes() omits URL-valued...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45305

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup() used regular expressions with overlapping...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages