| CVE-2026-45063 |
high |
— |
8.0 |
8d ago |
Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator |
|
| CVE-2026-45067 |
high |
— |
8.0 |
8d ago |
Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address |
|
| CVE-2026-45077 |
high |
— |
8.0 |
8d ago |
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener |
|
| CVE-2026-45072 |
low |
— |
2.5 |
8d ago |
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering |
|
| CVE-2026-45305 |
low |
— |
2.5 |
8d ago |
Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex |
|
| CVE-2026-45133 |
low |
— |
2.5 |
8d ago |
Symfony hardened the parser when handling untrusted input |
|
| CVE-2026-45304 |
low |
— |
2.5 |
8d ago |
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs") |
|
| CVE-2026-45071 |
low |
— |
2.5 |
8d ago |
Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true |
|