GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

PT-2026-23618

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.3 Description The webhook URL validation in plane/app/serializers/webhook.py only checks if the IP address is loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private or internal...

CVE-2016-4215

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors...

CVE-2016-1445

Cisco Adaptive Security Appliance ASA Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes...