| CVE-2026-45063 |
high |
— |
8.0 |
|
|
|
16d ago |
Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator |
| CVE-2016-4423 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x befo… |
| CVE-2015-8125 |
high |
— |
7.5 |
|
|
|
11y ago |
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/… |
| CVE-2015-8124 |
medium |
— |
6.8 |
|
|
|
11y ago |
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… |
| CVE-2026-45075 |
medium |
— |
5.5 |
|
|
|
16d ago |
Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |
| CVE-2026-45074 |
medium |
— |
5.5 |
|
|
|
16d ago |
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay |
| CVE-2026-45069 |
medium |
— |
5.5 |
|
|
|
16d ago |
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims |
| CVE-2026-48489 |
unknown |
— |
— |
|
|
|
10d ago |
CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes |
| CVE-2024-51996 |
unknown |
— |
— |
|
|
|
2y ago |
Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted i… |
| CVE-2023-46733 |
unknown |
— |
— |
|
|
|
3y ago |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListene… |
| CVE-2018-11385 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil… |
| CVE-2017-16652 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler t… |
| CVE-2018-11406 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … |
| CVE-2018-19790 |
unknown |
— |
— |
|
|
|
4y ago |
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… |
| CVE-2021-32693 |
unknown |
— |
— |
|
|
|
5y ago |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prio… |
| CVE-2021-21424 |
unknown |
— |
— |
|
|
|
5y ago |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling de… |
| CVE-2020-5275 |
unknown |
— |
— |
|
|
|
6y ago |
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides … |
| CVE-2019-10911 |
unknown |
— |
— |
|
|
|
6y ago |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with… |
| CVE-2019-18886 |
unknown |
— |
— |
|
|
|
7y ago |
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor… |