CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering

PKSA-rg9h-crk2-m8zt CVE-2026-45072

Affected version: >=7.2.9,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12

Reported by:
FriendsOfPHP/security-advisories

[HIGH] CSRF vulnerability in the Web Profiler

PKSA-6thw-45qq-kvhy CVE-2014-6072 GHSA-v35g-4rrw-h4fw

Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4

Reported by:
GitHub, FriendsOfPHP/security-advisories