| Vendor | Product | Version Range | Status |
|---|---|---|---|
| symfony | mailomat-mailer | >= 7.2.0, < 7.4.12 | affected |
>= 8.0.0-BETA1, < 8.0.13 | affected | ||
| symfony | symfony | >= 7.2.0, < 7.4.12 | affected |
>= 8.0.0-BETA1, < 8.0.13 | affected |
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| symfony | symfony | >= 7.2.0, < 7.4.12 | - | |
| symfony | mailomat-mailer | >= 7.2.0, < 7.4.12 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-45133 | Symfony: [Yaml] Harden the parser when handling untrusted input | |
| CVE-2026-46644 | symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only | |
| CVE-2026-48761 | Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, | |
| CVE-2026-48736 | Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-c | |
| CVE-2026-48760 | Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks an | |
| CVE-2026-48489 | Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access t | |
| CVE-2026-48784 | Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Gener | |
| CVE-2026-47212 | Symfony: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauth | |
| CVE-2026-45068 | Symfony: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address | |
| CVE-2026-45071 | Symfony: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = | |
| CVE-2026-47767 | Symfony: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/AP | |
| CVE-2026-45075 | Symfony: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureVali | |
| CVE-2026-45304 | Symfony: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansio | |
| CVE-2026-45063 | Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator | |
| CVE-2026-45070 | Symfony: Email Header Injection via Non-Token Characters in Mime Parameter Names | |
| CVE-2026-45756 | Symfony: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Wi | |
| CVE-2026-45754 | Symfony: Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthentica | |
| CVE-2026-45069 | Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims | |
| CVE-2026-45753 | Symfony: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — javascr | |
| CVE-2026-45072 | Symfony: Stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File R |
Showing top 20 of 30 CVEs. View all on vendor page → →
No comments yet