Search CVE reports


Toggle filters

131 – 140 of 43937 results

Status is adjusted based on your filters.


CVE-2026-57108

Medium priority
Vulnerable

Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 22.04 LTS
dotnet6 Vulnerable
dotnet7 Ignored
dotnet8 Vulnerable
dotnet9 Not in release
dotnet10 Not in release
Show less packages

CVE-2026-45756

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45077

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45074

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45067

Medium priority
Needs evaluation

### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and throwing on invalid input,...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45066

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45065

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw...

1 affected package

symfony

Package 22.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-15747

Medium priority
Needs evaluation

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on...

1 affected package

libmojolicious-perl

Package 22.04 LTS
libmojolicious-perl Needs evaluation
Show less packages

CVE-2026-59888

Medium priority
Needs evaluation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...

1 affected package

jackson-databind

Package 22.04 LTS
jackson-databind Needs evaluation
Show less packages

CVE-2026-59886

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only...

1 affected package

pyasn1

Package 22.04 LTS
pyasn1 Needs evaluation
Show less packages