Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Zend Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4451 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
CVE-2011-1939 3 Debian, Php, Zend 3 Debian Linux, Php, Zend Framework 2024-02-04 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
CVE-2014-4913 2 Debian, Zend 2 Debian Linux, Zend Framework 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
CVE-2015-3154 1 Zend 1 Zend Framework 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2015-0270 1 Zend 1 Framework 2024-02-04 7.5 HIGH 9.8 CRITICAL
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
CVE-2014-8089 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2024-02-04 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.