Lucene search
+L

3090 matches found

osv
osv
added 3 days ago6 views

UBUNTU-CVE-2026-46640

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.7CVSS6.1AI score0.00405EPSS
Exploits0References3
osv
osv
added 3 days ago8 views

UBUNTU-CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

6CVSS7AI score0.00833EPSS
Exploits0References3
osv
osv
added 3 days ago7 views

DEBIAN-CVE-2026-48489

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-supplied failurepath parameter when failureforward: true was enabled, allowing an unauthenticated...

7.5CVSS6.1AI score0.00465EPSS
Exploits0References1
osv
osv
added 3 days ago5 views

UBUNTU-CVE-2026-45068

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS6.1AI score0.00399EPSS
Exploits0References3
osv
osv
added 3 days ago20 views

UBUNTU-CVE-2026-47212

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse received the configured webhook secret but ignored the X-Twilio-Signature HMAC header, allowing unauthenticated POST requests to inje...

6.9CVSS6.1AI score0.00238EPSS
Exploits0References3
osv
osv
added 3 days ago7 views

UBUNTU-CVE-2026-45755

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00238EPSS
Exploits0References3
osv
osv
added 3 days ago6 views

DEBIAN-CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS6.1AI score0.0029EPSS
Exploits0References1
osv
osv
added 3 days ago6 views

UBUNTU-CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

2.3CVSS6.1AI score0.0029EPSS
Exploits0References3
osv
osv
added 3 days ago3 views

UBUNTU-CVE-2026-54433

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting XSS via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening or previewing the message zero-click...

7.2CVSS6.1AI score0.00276EPSS
Exploits0References3
vulnrichment
vulnrichment
added 3 days ago3 views

CVE-2026-50347 Windows Data.dll Remote Code Execution Vulnerability

...

7.8CVSS6.1AI score0.00444EPSS
Exploits0References1
osv
osv
added 3 days ago16 views

ROOT-OS-UBUNTU-2404-CVE-2025-37901 CVE-2025-37901 in rootio-linux - Patched by Root

Root has patched CVE-2025-37901 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS7.2AI score0.0016EPSS
Exploits0
osv
osv
added 3 days ago17 views

ROOT-OS-DEBIAN-11-CVE-2025-39957 CVE-2025-39957 in rootio-linux - Patched by Root

Root has patched CVE-2025-39957 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

7.8CVSS6.5AI score0.00144EPSS
Exploits0
ibm
ibm
added 4 days ago6 views

Security Bulletin: Vulnerability in bytes bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the bytes library, which is affected by an integer overflow vulnerability. CVE-2026-25541 Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 ...

7.5CVSS6AI score0.00559EPSS
Exploits1Affected Software2
osv
osv
added 4 days ago5 views

DEBIAN-CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References1
osv
osv
added 4 days ago3 views

UBUNTU-CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References2
osv
osv
added 2026/07/10 6:2 a.m.4 views

BELL-CVE-2026-15308

Bulletin has no description...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References1
osv
osv
added 2026/07/10 4:17 a.m.3 views

UBUNTU-CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References3
osv
osv
added 2026/07/10 12:0 a.m.3 views

UBUNTU-CVE-2026-14741

ReDoS in parsedate...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/09 4:48 p.m.7 views

DEBIAN-CVE-2026-57825

Bulletin has no description...

6.1AI score
Exploits0References1
osv
osv
added 2026/07/09 10:48 a.m.2 views

DEBIAN-CVE-2026-3886

Bulletin has no description...

7AI score
Exploits0References1
Rows per page
Query Builder