| CVE-2016-2403 | critical | 9.8 | 9.8 | | | | 10y ago | Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. |
| CVE-2026-45067 | high | — | 8.0 | | | | 17d ago | Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address |
| CVE-2026-45063 | high | — | 8.0 | | | | 17d ago | Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator |
| CVE-2026-45077 | high | — | 8.0 | | | | 17d ago | Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener |
| CVE-2016-4423 | high | 7.5 | 7.5 | | | | 10y ago | The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x befo… |
| CVE-2016-1902 | high | 7.5 | 7.5 | | | | 10y ago | The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the par… |
| CVE-2015-8125 | high | — | 7.5 | | | | 11y ago | Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/… |
| CVE-2013-1397 | high | — | 7.5 | | | | 12y ago | Symfony Arbitrary PHP code Execution |
| CVE-2013-1348 | high | — | 7.5 | | | | 12y ago | Symfony Vulnerable to PHP Code Injection via YAML Parsing |
| CVE-2026-45072 | low | — | 2.5 | | | | 17d ago | Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering |
| CVE-2026-45071 | low | — | 2.5 | | | | 17d ago | Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true |
| CVE-2026-45133 | low | — | 2.5 | | | | 17d ago | Symfony hardened the parser when handling untrusted input |
| CVE-2026-45304 | low | — | 2.5 | | | | 17d ago | Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs") |
| CVE-2026-45305 | low | — | 2.5 | | | | 17d ago | Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex |