{"vulnerability": "cve-2026-4507", "sightings": [{"uuid": "159db378-9fc4-44be-8756-e870a96686a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45071", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqoyndsy2h", "content": "\ud83d\udd10 CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45071-xxe-local-file-disclosure-in-domcrawler-addxmlcontent-via-validateonparse-true", "creation_timestamp": "2026-05-20T10:57:38.021766Z"}, {"uuid": "effbf327-1761-4591-a158-67cd20f957a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45072", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpfn7hs2h", "content": "\ud83d\udd10 CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45072-stored-xss-in-webprofiler-codeextension-fileexcerpt-unescaped-non-php-file-rendering", "creation_timestamp": "2026-05-20T10:58:13.441457Z"}, {"uuid": "bb7a6e4b-d42d-47eb-acff-47463532ffb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45077", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpl56fn2v", "content": "\ud83d\udd10 CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45077-unauthenticated-php-object-deserialization-in-monologbridge-server-log-listener", "creation_timestamp": "2026-05-20T10:58:16.783205Z"}, {"uuid": "2e03881d-f3da-4d36-9465-9c80ca693cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45075", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqq5nq7i2h", "content": "\ud83d\udd10 CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45075-head-request-bypasses-methods-get-filter-in-isgranted-issignaturevalid-iscsrftokenvalid", "creation_timestamp": "2026-05-20T10:58:29.994027Z"}, {"uuid": "215ea900-64bc-43d5-b2dd-8b81a630bb1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45074", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqschhar2o", "content": "\ud83d\udd10 CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header \u2192 Cross-Service Ticket Replay\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45074-cas2handler-derives-cas-service-url-from-client-host-header-cross-service-ticket-replay", "creation_timestamp": "2026-05-20T10:59:28.965986Z"}, {"uuid": "7cb48277-63bb-418e-bb78-caec5de495ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45073", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbquicxtl2n", "content": "\ud83d\udd10 CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45073-sql-injection-in-pdoadapter-doclear-via-unsanitized-prefix", "creation_timestamp": "2026-05-20T11:00:42.441748Z"}, {"uuid": "dfa27e54-c38f-4064-b086-d132dde4f184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45075", "type": "seen", "source": "https://bsky.app/profile/mradcliffe.nokoto.org.ap.brid.gy/post/3mmbu4igtlyo2", "content": "Symfony 7.4.12, Symfony 8.0.12 and Twig 3.26.0 releases today with a bunch of CVEs.\n\nCVE-2026-46640 in twig and CVE-2026-45075 in Symfony router and CVE-2026-45064 in Symfony sanitizer seem particularly scary.\n\n`composer update` and test, test, test.", "creation_timestamp": "2026-05-20T11:59:01.677666Z"}, {"uuid": "5efd1818-0d34-4c32-8671-329c5ed0e41e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45070", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbzn2gy7z2m", "content": "\ud83d\udd10 CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45070-email-header-injection-via-non-token-characters-in-mime-parameter-names", "creation_timestamp": "2026-05-20T13:37:36.619922Z"}, {"uuid": "25ab33d6-6aa2-4a2d-9215-58ac8e8f943d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45070", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q", "content": "\ud83d\udd17 CVE : CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, CVE-2026-47212", "creation_timestamp": "2026-05-20T14:15:12.661496Z"}, {"uuid": "a1e58582-4bb5-4f86-8225-e6b8d3789333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45077", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q", "content": "\ud83d\udd17 CVE : CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, CVE-2026-47212", "creation_timestamp": "2026-05-20T14:15:12.814632Z"}]}