VIR Vulnerability Intelligence Relay

Package impact

php Packagist / symfony/security-http

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-45063 high 8.0 8d ago Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator debianphp
CVE-2016-4423 high 7.5 7.5 10y ago The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x befo… debianphp
CVE-2015-8125 high 7.5 11y ago Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/… debianphp
CVE-2015-8124 medium 6.8 11y ago Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… debianphp
CVE-2026-45069 medium 5.5 8d ago Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims debianphp
CVE-2026-45074 medium 5.5 8d ago Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay debianphp
CVE-2026-45075 medium 5.5 8d ago Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] debianphp