Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
May 20, 2026
#Symfony
OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
May 20, 2026
#Symfony
CVE-2026-45071 XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
May 20, 2026
#Symfony
Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
May 20, 2026
#Symfony
SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
May 20, 2026
#Symfony
Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
May 20, 2026
#Symfony
HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
May 20, 2026
#Symfony
Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
May 20, 2026
#Symfony
YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings
May 20, 2026
#Symfony
YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
May 20, 2026
#Symfony