| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30964 | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | web-auth | webauthn-framework | Medium | 5.4 | 2026-03-10 17:16:47 | Deep Dive |
| CVE-2026-24739 | Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations | symfony | symfony | Medium | 6.3 | 2026-01-28 20:25:22 | Deep Dive |
| CVE-2025-64500 | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | symfony | symfony | High | 7.3 | 2025-11-12 21:40:58 | Deep Dive |
| CVE-2025-47946 | symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes | symfony | ux | Medium | 6.1 | 2025-05-19 19:25:19 | Deep Dive |
| CVE-2024-13250 | Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014 | Drupal | Drupal Symfony Mailer Lite | Medium | - | 2025-01-09 18:57:50 | Deep Dive |
| CVE-2024-51996 | Symfony has an Authentication Bypass via RememberMe | symfony | symfony | High | 7.5 | 2024-11-13 16:18:49 | Deep Dive |
| CVE-2024-50340 | Ability to change environment from query in symfony/runtime | symfony | symfony | High | 7.3 | 2024-11-06 21:09:47 | Deep Dive |
| CVE-2024-50341 | Security::login does not take into account custom user_checker in symfony/security-bundle | symfony | symfony | Low | 3.1 | 2024-11-06 21:06:49 | Deep Dive |
| CVE-2024-50342 | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client | symfony | symfony | Low | 3.1 | 2024-11-06 21:03:12 | Deep Dive |
| CVE-2024-50343 | Incorrect response from Validator when input ends with `\n` in symfony/validator | symfony | symfony | Low | 3.1 | 2024-11-06 21:00:55 | Deep Dive |
| CVE-2024-50345 | Open redirect via browser-sanitized URLs in symfony/http-foundation | symfony | symfony | Low | 3.1 | 2024-11-06 20:56:21 | Deep Dive |
| CVE-2024-51736 | Command execution hijack on Windows with Process class in symfony/process | symfony | symfony | None | 0.0 | 2024-11-06 20:51:39 | Deep Dive |
| CVE-2023-46735 | Symfony potential Cross-site Scripting in WebhookController | symfony | symfony | Medium | 6.1 | 2023-11-10 17:58:18 | Deep Dive |
| CVE-2023-46734 | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | symfony | symfony | Medium | 6.1 | 2023-11-10 17:49:55 | Deep Dive |
| CVE-2023-46733 | Symfony possible session fixation vulnerability | symfony | symfony | Medium | 6.5 | 2023-11-10 17:09:14 | Deep Dive |
| CVE-2023-41336 | Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete | symfony | ux-autocomplete | Medium | 6.5 | 2023-09-11 19:21:49 | Deep Dive |
| CVE-2022-24894 | Symfony storing cookie headers in HttpCache | symfony | symfony | Medium | 5.9 | 2023-02-03 21:46:24 | Deep Dive |
| CVE-2022-24895 | Symfony vulnerable to Session Fixation of CSRF tokens | symfony | symfony | Medium | 6.3 | 2023-02-03 21:45:27 | Deep Dive |
| CVE-2022-23601 | CSRF token missing in Symfony | symfony | symfony | High | 8.1 | 2022-02-01 12:17:35 | Deep Dive |
| CVE-2021-41270 | CSV Injection in Symfony | symfony | symfony | Medium | 6.5 | 2021-11-24 19:05:11 | Deep Dive |