{"vulnerability": "cve-2026-4507", "sightings": [{"uuid": "159db378-9fc4-44be-8756-e870a96686a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45071", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqoyndsy2h", "content": "\ud83d\udd10 CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45071-xxe-local-file-disclosure-in-domcrawler-addxmlcontent-via-validateonparse-true", "creation_timestamp": "2026-05-20T10:57:38.021766Z"}, {"uuid": "effbf327-1761-4591-a158-67cd20f957a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45072", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpfn7hs2h", "content": "\ud83d\udd10 CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45072-stored-xss-in-webprofiler-codeextension-fileexcerpt-unescaped-non-php-file-rendering", "creation_timestamp": "2026-05-20T10:58:13.441457Z"}, {"uuid": "bb7a6e4b-d42d-47eb-acff-47463532ffb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45077", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpl56fn2v", "content": "\ud83d\udd10 CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45077-unauthenticated-php-object-deserialization-in-monologbridge-server-log-listener", "creation_timestamp": "2026-05-20T10:58:16.783205Z"}, {"uuid": "2e03881d-f3da-4d36-9465-9c80ca693cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45075", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqq5nq7i2h", "content": "\ud83d\udd10 CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45075-head-request-bypasses-methods-get-filter-in-isgranted-issignaturevalid-iscsrftokenvalid", "creation_timestamp": "2026-05-20T10:58:29.994027Z"}, {"uuid": "215ea900-64bc-43d5-b2dd-8b81a630bb1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45074", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqschhar2o", "content": "\ud83d\udd10 CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header \u2192 Cross-Service Ticket Replay\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45074-cas2handler-derives-cas-service-url-from-client-host-header-cross-service-ticket-replay", "creation_timestamp": "2026-05-20T10:59:28.965986Z"}, {"uuid": "7cb48277-63bb-418e-bb78-caec5de495ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45073", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbquicxtl2n", "content": "\ud83d\udd10 CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45073-sql-injection-in-pdoadapter-doclear-via-unsanitized-prefix", "creation_timestamp": "2026-05-20T11:00:42.441748Z"}, {"uuid": "dfa27e54-c38f-4064-b086-d132dde4f184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45075", "type": "seen", "source": "https://bsky.app/profile/mradcliffe.nokoto.org.ap.brid.gy/post/3mmbu4igtlyo2", "content": "Symfony 7.4.12, Symfony 8.0.12 and Twig 3.26.0 releases today with a bunch of CVEs.\n\nCVE-2026-46640 in twig and CVE-2026-45075 in Symfony router and CVE-2026-45064 in Symfony sanitizer seem particularly scary.\n\n`composer update` and test, test, test.", "creation_timestamp": "2026-05-20T11:59:01.677666Z"}, {"uuid": "5efd1818-0d34-4c32-8671-329c5ed0e41e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45070", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbzn2gy7z2m", "content": "\ud83d\udd10 CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45070-email-header-injection-via-non-token-characters-in-mime-parameter-names", "creation_timestamp": "2026-05-20T13:37:36.619922Z"}, {"uuid": "25ab33d6-6aa2-4a2d-9215-58ac8e8f943d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45070", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q", "content": "\ud83d\udd17 CVE : CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, CVE-2026-47212", "creation_timestamp": "2026-05-20T14:15:12.661496Z"}, {"uuid": "a1e58582-4bb5-4f86-8225-e6b8d3789333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45077", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q", "content": "\ud83d\udd17 CVE : CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, CVE-2026-47212", "creation_timestamp": "2026-05-20T14:15:12.814632Z"}, {"uuid": "73985e59-3fd8-4993-bca1-5ec7d71672bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqmyjf3xss2i", "content": "CVE-2026-45073 - Symfony: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix\nCVE ID : CVE-2026-45073\n \n Published : July 14, 2026, 7:17 p.m. | 13\u00a0minutes ago\n \n Description : Symfony is a PHP framework for web and console applications and a set of reusable PHP comp...", "creation_timestamp": "2026-07-14T19:57:43.385717Z"}, {"uuid": "f4cfb770-a912-4746-bb9c-33180c9c04d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45070", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqmyl6mtwu2t", "content": "CVE-2026-45070 - Symfony: Email Header Injection via Non-Token Characters in Mime Parameter Names\nCVE ID : CVE-2026-45070\n \n Published : July 14, 2026, 7:17 p.m. | 13\u00a0minutes ago\n \n Description : Symfony is a PHP framework for web and console applications and a set of reusable...", "creation_timestamp": "2026-07-14T19:58:43.819273Z"}, {"uuid": "d9540c67-af63-4a4c-a36a-508654cb2fec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45075", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqmzel5hwk2q", "content": "CVE-2026-45075 - Symfony: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]\nCVE ID : CVE-2026-45075\n \n Published : July 14, 2026, 7:17 p.m. | 13\u00a0minutes ago\n \n Description : Symfony is a PHP framework for web and console ...", "creation_timestamp": "2026-07-14T20:12:55.819054Z"}, {"uuid": "c166d1cb-89a9-44c4-b3bf-b78cc4252414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45072", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqmzgzjft52g", "content": "CVE-2026-45072 - Symfony: Stored XSS in WebProfiler CodeExtension::fileExcerpt() \u2014 Unescaped Non-PHP File Rendering\nCVE ID : CVE-2026-45072\n \n Published : July 14, 2026, 7:17 p.m. | 13\u00a0minutes ago\n \n Description : Symfony is a PHP framework for web and console applications and...", "creation_timestamp": "2026-07-14T20:14:17.926571Z"}, {"uuid": "917a710a-1581-4c43-b6e8-61f8394654de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45074", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqofvxlidr2d", "content": "CVE-2026-45074 - symfony\nA vulnerability in the Apache HTTP Server package on Debian Linux systems allows attackers to upload malicious files, potentially leading to unauthorized access or system\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#symfony #debian #Debian11 #CVE #infosec", "creation_timestamp": "2026-07-15T09:30:03.970790Z"}]}