Lucene search
+L

5 matches found

osv
osv
added 2 days ago7 views

DEBIAN-CVE-2026-46637

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...

5.4CVSS6.1AI score0.00268EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2 days ago7 views

CVE-2026-46637

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...

5.4CVSS6.1AI score0.00268EPSS
Exploits0References2
cve
cve
added 2 days ago17 views

CVE-2026-46637

CVE-2026-46637 concerns Twig (PHP template engine). Before 3.26.0, the filters in twig/markdown-extra (html_to_markdown, markdown_to_html) and twig/cssinliner-extra (inline_css) were registered with is_safe => [all], causing their output to be treated as safe in contexts where escaping is requ...

5.4CVSS6.1AI score0.00268EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2026/05/21 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing...

5.4CVSS6.1AI score0.00268EPSS
Exploits0References3
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.7 views

HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

More info at https://symfony.com/cve-2026-46637...

5.4CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Rows per page
Query Builder