Lucene search

6 matches found

Snyk
added 2026/05/27 5:41 p.m. · 7 views

Incorrect Authorization

Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via dynamic mapping key handling in ArrayExpression. An attacker can bypass the sandbox toString restrictions by using a stringable object as a...

3.1 CVSS · 5.8 AI score
Exploits 0 · References 2
Cvelist
added 2025/08/20 7:13 p.m. · 7 views

CVE-2025-43757

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7....

4.8 CVSS · 0.00201 EPSS
Exploits 0 · References 1
OSV
added 2025/08/19 9:30 p.m. · 4 views

GHSA-M49P-6CJP-X2H3 Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels

A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1 CVSS · 5.7 AI score · 0.00166 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/06/13 12:0 a.m. · 2 views

PT-2024-27444 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch (affected versions not specified). Description: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of passthrough type. Under certain circumstances, ingestin...

4.9 CVSS · 6.4 AI score · 0.00529 EPSS
Exploits 0 · References 14
SUSE CVE
added 2024/06/08 2:51 a.m. · 3 views

SUSE CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of "passthrough" type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9 CVSS · 4.8 AI score · 0.00529 EPSS
Exploits 0 · References 3
Friends Of PHP
added 1970/01/01 12:0 a.m. · 7 views

Sandbox `__toString()` policy bypass via dynamic mapping keys

More info at https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys...

5.8 AI score
Exploits 0 · Affected Software 1