2 matches found
CVE-2026-46639
A flaw was found in Twig, a template language for PHP. An attacker with write access to a sandboxed Twig template can bypass security restrictions due to an issue in object-destructuring assignment. This allows them to read public properties or invoke public methods on objects, leading to...
Prototype Pollution
getsetprop is vulnerable to prototype pollution. The vulnerability is due to improper restrictions on proto or constructor.prototype properties, which allows an attacker to manipulate application logic, potentially leading to denial of service, remote code execution...