{"vulnerability": "cve-2026-45064", "sightings": [{"uuid": "d46ee4aa-c73b-4307-9e33-741fb2cfefe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45064", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqofftwz2n", "content": "\ud83d\udd10 CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters \u2192 Visual href Spoofing\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45064-htmlsanitizer-url-attributes-pass-through-bidi-override-characters-visual-href-spoofing", "creation_timestamp": "2026-05-20T10:57:17.837056Z"}, {"uuid": "ecb667cb-5446-4607-b13f-92a17cd1fa8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45064", "type": "seen", "source": "https://bsky.app/profile/mradcliffe.nokoto.org.ap.brid.gy/post/3mmbu4igtlyo2", "content": "Symfony 7.4.12, Symfony 8.0.12 and Twig 3.26.0 releases today with a bunch of CVEs.\n\nCVE-2026-46640 in twig and CVE-2026-45075 in Symfony router and CVE-2026-45064 in Symfony sanitizer seem particularly scary.\n\n`composer update` and test, test, test.", "creation_timestamp": "2026-05-20T11:59:01.857372Z"}]}