Lucene search
+L

824 matches found

EUVD
EUVD
added 2026/04/14 10:29 p.m.5 views

EUVD-2026-22704

October Rain has Environment Variable Exfiltration via INI Parser Interpolation...

4.9CVSS5.8AI score0.00326EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 10:29 p.m.7 views

October Rain has Environment Variable Exfiltration via INI Parser Interpolation

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parseinistring function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APPKEY, $DBPASSWORD, or similar patterns into CMS page settings fields,...

4.9CVSS5.7AI score0.00326EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/14 10:29 p.m.7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the INI settings parser when environment variable interpolation is processed via the parseinistring function. An attacker with Editor permissions can retrieve sensitive environment variables by injecting...

6.9CVSS5.7AI score0.00326EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 8:2 p.m.8 views

October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

6.8CVSS5.8AI score0.00395EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/04/14 8:2 p.m.4 views

GHSA-M5QG-JC75-4JP6 October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

4.9CVSS5.8AI score0.00395EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/14 8:2 p.m.8 views

EUVD-2026-22357

October Rain has a Twig Sandbox Bypass via Collection Methods...

4.9CVSS5.8AI score0.00395EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/14 8:2 p.m.3 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the collect process. An attacker can gain unauthorized access to restricted template functionality by leveraging insufficient sandbox restrictions when authenticated with backend access and template editi...

6.9CVSS5.7AI score0.00395EPSS
Exploits2References3
NVD
NVD
added 2026/04/14 5:16 p.m.3 views

CVE-2026-22692

October is a Content Management System CMS and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing...

6.8CVSS0.00395EPSS
Exploits2References1
CVE
CVE
added 2026/04/14 4:48 p.m.27 views

CVE-2026-22692

CVE-2026-22692 affects October CMS Twig sandbox (CMS_SAFE_MODE). Vulnerable in versions prior to 3.7.13 and 4.0.0–4.1.4; fixed in 3.7.13 and 4.1.5. Root cause: collect()->mapInto() on SafeCollection bypasses SecurityPolicy, allowing authenticated template editors to bypass sandbox. Exploitatio...

6.8CVSS5.8AI score0.00395EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 4:48 p.m.3 views

CVE-2026-22692 October CMS: Twig Sandbox Bypass via Collection Methods

October is a Content Management System CMS and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing...

4.9CVSS5.8AI score0.00395EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/04/14 4:48 p.m.29 views

CVE-2026-22692 October CMS: Twig Sandbox Bypass via Collection Methods

October is a Content Management System CMS and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing...

4.9CVSS0.00395EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32697

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.13 October versions 4.0.0 through 4.1.4 Description A sandbox bypass exists in the optional Twig safe mode feature CMS SAFE MODE. Certain methods on the collect helper were not properly restricted, allowing...

4.9CVSS5.8AI score0.00395EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-32911

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parse ini string function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APP KEY, $DB PASSWORD, or similar patterns into CMS page settings...

4.9CVSS5.7AI score0.00326EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:57 p.m.15 views

CVE-2026-1462

A flaw was found in the keras package. This vulnerability allows an attacker to execute unauthorized code on a victim's system. It occurs when a victim loads a specially crafted .keras model, even if the safemode security feature is active. The issue arises because the keras package can...

8.8CVSS6AI score0.00363EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/13 3:31 p.m.4 views

EUVD-2026-21970

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References3
OSV
OSV
added 2026/04/13 3:31 p.m.4 views

GHSA-4F3F-G24H-FR8M Keras has an untrusted deserialization vulnerability

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References5
OSV
OSV
added 2026/04/13 3:17 p.m.3 views

DEBIAN-CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

7.8CVSS8.7AI score0.00363EPSS
Exploits1References1
NVD
NVD
added 2026/04/13 3:17 p.m.6 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS0.00363EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2026/04/13 3:17 p.m.17 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.6AI score0.00363EPSS
Exploits1References3
OSV
OSV
added 2026/04/13 3:17 p.m.11 views

UBUNTU-CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References4
Rows per page
Query Builder