| google/protobuf |
CVE-2026-6409 |
高危 |
v4.31.1 |
4.33.6 |
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP lib ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6409
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-04-16 15:17 修改: 2026-06-17 11:00
|
| laravel/framework |
GHSA-5vg9-5847-vvmq |
高危 |
v12.54.1 |
13.10.0, 12.60.0 |
Laravel Framework: CRLF injection in default email rule
漏洞详情: https://github.com/advisories/GHSA-5vg9-5847-vvmq
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-17 13:53 修改: 2026-06-17 13:53
|
| symfony/http-kernel |
CVE-2026-45075 |
高危 |
v7.4.7 |
8.0.12, 7.4.12 |
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45075
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| symfony/mime |
CVE-2026-45067 |
高危 |
v7.4.7 |
5.0.0, 5.1.0, 5.4.0, 5.4.52, 6.1.0, 6.4.0, 7.1.0, 8.0.12, 3.0.0, 5.2.0, 6.3.0, 7.3.0, 5.3.0, 6.2.0, 6.4.40, 7.2.0, 7.4.0, 7.4.12, 4.0.0 |
CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45067
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| guzzlehttp/psr7 |
CVE-2026-49214 |
中危 |
2.9.0 |
2.10.2 |
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49214
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-11 13:16 修改: 2026-06-17 10:55
|
| guzzlehttp/psr7 |
CVE-2026-55766 |
中危 |
2.9.0 |
2.12.1 |
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55766
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-23 16:17 修改: 2026-06-30 17:17
|
| guzzlehttp/guzzle |
CVE-2026-55568 |
中危 |
7.10.0 |
7.12.1 |
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain c ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55568
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-23 16:17 修改: 2026-06-26 19:34
|
| laravel/framework |
GHSA-crmm-hgp2-wgrp |
中危 |
v12.54.1 |
13.12.0, 12.61.1 |
Laravel Framework: Temporary Signed URL Path Confusion
漏洞详情: https://github.com/advisories/GHSA-crmm-hgp2-wgrp
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-17 13:54 修改: 2026-06-17 13:54
|
| league/commonmark |
CVE-2026-33347 |
中危 |
2.8.1 |
2.8.2 |
league/commonmark is a PHP Markdown parser. From version 2.3.0 to befo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33347
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37
|
| symfony/http-foundation |
CVE-2026-48736 |
中危 |
v7.4.7 |
7.4.0, 7.4.13, 8.0.13, 6.4.41, 7.1.0, 7.2.0, 7.3.0 |
CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48736
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| guzzlehttp/guzzle |
CVE-2026-55767 |
中危 |
7.10.0 |
7.12.1 |
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55767
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-23 16:17 修改: 2026-06-26 19:34
|
| symfony/mailer |
CVE-2026-45068 |
中危 |
v7.4.6 |
5.1.0, 5.2.0, 5.3.0, 5.4.0, 6.1.0, 6.2.0, 6.4.0, 3.0.0, 4.0.0, 5.4.52, 6.3.0, 7.1.0, 7.3.0, 7.4.12, 6.4.40, 5.0.0, 7.2.0, 7.4.0, 8.0.12 |
CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45068
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| guzzlehttp/psr7 |
CVE-2026-48998 |
中危 |
2.9.0 |
2.10.2 |
guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48998
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2026-06-11 13:16 修改: 2026-06-17 10:55
|
| symfony/mime |
CVE-2026-45070 |
中危 |
v7.4.7 |
5.3.0, 5.4.52, 7.1.0, 4.0.0, 5.1.0, 5.4.0, 6.1.0, 6.4.0, 8.0.12, 6.4.40, 7.2.0, 7.4.12, 5.0.0, 6.2.0, 6.3.0, 7.3.0, 7.4.0, 3.0.0, 5.2.0 |
CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45070
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| symfony/routing |
CVE-2026-45065 |
中危 |
v7.4.6 |
5.4.0, 6.1.0, 6.4.40, 7.4.0, 7.4.12, 5.2.0, 7.3.0, 8.0.12, 5.0.0, 5.3.0, 5.4.52, 6.2.0, 6.3.0, 6.4.0, 7.1.0, 3.0.0, 4.0.0, 7.2.0, 5.1.0 |
CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45065
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| symfony/routing |
CVE-2026-48784 |
中危 |
v7.4.6 |
5.4.53, 6.2.0, 6.3.0, 6.4.41, 7.4.13, 8.0.13, 4.0.0, 5.3.0, 7.4.0, 3.0.0, 5.0.0, 5.1.0, 5.4.0, 6.1.0, 7.1.0, 7.2.0, 7.3.0, 5.2.0, 6.4.0 |
CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48784
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| firebase/php-jwt |
CVE-2025-45769 |
低危 |
v6.11.1 |
7.0.0 |
php-jwt contains weak encryption
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45769
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 2025-07-31 20:15 修改: 2026-06-17 09:25
|
| symfony/polyfill-intl-idn |
CVE-2026-46644 |
低危 |
v1.33.0 |
1.38.1 |
[insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels]
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46644
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| symfony/yaml |
CVE-2026-45133 |
低危 |
v7.3.1 |
6.3.0, 6.4.0, 6.4.40, 7.1.0, 7.2.0, 5.0.0, 5.3.0, 6.1.0, 6.2.0, 7.4.12, 3.0.0, 5.1.0, 5.2.0, 5.4.0, 8.0.12, 4.0.0, 5.4.52, 7.3.0, 7.4.0 |
CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45133
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| symfony/yaml |
CVE-2026-45304 |
低危 |
v7.3.1 |
7.4.0, 8.0.12, 6.3.0, 7.4.12, 5.1.0, 5.2.0, 5.3.0, 6.2.0, 7.1.0, 7.2.0, 7.3.0, 3.0.0, 5.0.0, 6.1.0, 6.4.40, 4.0.0, 5.4.0, 5.4.52, 6.4.0 |
CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45304
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| symfony/yaml |
CVE-2026-45305 |
低危 |
v7.3.1 |
7.2.0, 7.3.0, 7.4.0, 7.4.12, 8.0.12, 6.4.40, 4.0.0, 5.0.0, 5.1.0, 5.3.0, 6.1.0, 6.2.0, 7.1.0, 5.2.0, 5.4.0, 6.3.0, 6.4.0, 3.0.0, 5.4.52 |
CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45305
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| laravel/framework |
CVE-2026-48019 |
未知 |
v12.54.1 |
12.0.0, 12.60.0, 13.10.0, 10.0.0, 11.0.0 |
[CRLF injection in default email rule]
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48019
镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|