Search CVE reports
91 – 100 of 30717 results
A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional...
1 affected package
libsoup3
| Package | 26.04 LTS |
|---|---|
| libsoup3 | Needs evaluation |
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
| dotnet10 | Vulnerable |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and throwing on invalid input,...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw...
1 affected package
symfony
| Package | 26.04 LTS |
|---|---|
| symfony | Needs evaluation |
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on...
1 affected package
libmojolicious-perl
| Package | 26.04 LTS |
|---|---|
| libmojolicious-perl | Needs evaluation |
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...
1 affected package
jackson-databind
| Package | 26.04 LTS |
|---|---|
| jackson-databind | Needs evaluation |