Identity Spoofing via Unanchored DN Regex in X509Authenticator
May 20, 2026
#Security Advisories
#Symfony
HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and Misclassification
May 20, 2026
#Security Advisories
#Symfony
Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
May 20, 2026
#Security Advisories
#Symfony
Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
May 20, 2026
#Security Advisories
#Symfony
OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
May 20, 2026
#Security Advisories
#Symfony
Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
May 20, 2026
#Security Advisories
#Symfony
Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
May 20, 2026
#Security Advisories
#Symfony
HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
May 20, 2026
#Security Advisories
#Symfony
Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
May 20, 2026
#Security Advisories
#Symfony
YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
May 20, 2026
#Security Advisories
#Symfony