Search CVE reports


Toggle filters

161 – 170 of 30790 results

Status is adjusted based on your filters.


CVE-2026-57108

Medium priority
Fixed

Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 26.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Not in release
dotnet9 Not in release
dotnet10 Fixed
Show less packages

CVE-2026-45756

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45077

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45074

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45067

Medium priority
Needs evaluation

### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and throwing on invalid input,...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45066

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-45065

Medium priority
Needs evaluation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw...

1 affected package

symfony

Package 26.04 LTS
symfony Needs evaluation
Show less packages

CVE-2026-15747

Medium priority
Needs evaluation

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on...

1 affected package

libmojolicious-perl

Package 26.04 LTS
libmojolicious-perl Needs evaluation
Show less packages

CVE-2026-59888

Medium priority
Needs evaluation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...

1 affected package

jackson-databind

Package 26.04 LTS
jackson-databind Needs evaluation
Show less packages

CVE-2026-59886

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only...

1 affected package

pyasn1

Package 26.04 LTS
pyasn1 Needs evaluation
Show less packages