CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

UbuntuCve•added 2026/05/20 2:16 p.m.•5 views

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS6.2AI score0.00114EPSS

Exploits0References5

EUVD•added 2026/05/20 1:45 p.m.•4 views

EUVD-2026-31113

8.8CVSS6.2AI score0.00114EPSS

Exploits0References3

Vulnrichment•added 2026/05/20 1:45 p.m.•4 views

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

8.8CVSS6.2AI score0.00114EPSS

Exploits0References3

Cvelist•added 2026/05/20 1:45 p.m.•35 views

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

8.8CVSS0.00114EPSS

Exploits0References3

Snyk•added 2026/05/20 9:41 a.m.•2 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via callback validation for the sort, filter, map, and reduce filters when sandboxing is enabled through SourcePolicyInterface. An attacker can...

9.9CVSS6AI score0.00114EPSS

Exploits0References2

CNNVD•added 2026/05/20 12:0 a.m.•4 views

Twig 安全漏洞

Twig is an open-source PHP template engine developed by Twig contributors. Versions 2.16.x and 3.9.0 to 3.25.x of Twig contain security vulnerabilities. These vulnerabilities stem from sandbox bypasses when using the SourcePolicyInterface, allowing attackers to circumvent sandbox restrictions and...

9.9CVSS6AI score0.00114EPSS

Exploits0References1