In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
https://bugs.php.net/bug.php?id=81744
https://github.com/php/php-src/security/advisories/GHSA-7fj2-8×79-rjf4
Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)
Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could
Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the