Lucene search
+L

136 matches found

nvd
nvd
added 3 days ago6 views

CVE-2026-47730

Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName into HTML output without escaping, allowing attacker-controlled template or profile names to inject arbitrary HTML when a browser renders the profiler dum...

5.4CVSS0.00169EPSS
Exploits0References3
cvelist
cvelist
added 3 days ago33 views

CVE-2026-46633 Twig: PHP code injection via `{% use %}` template name

Twig is a template language for PHP. Prior to 3.26.0, Compiler::string does not escape single quotes when a template name from a % use % tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the...

8.7CVSS0.00642EPSS
Exploits0References4
osv
osv
added 2026/06/05 9:46 p.m.7 views

GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.4CVSS5.6AI score0.00169EPSS
Exploits0References5
github
github
added 2026/06/05 9:46 p.m.15 views

Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.4CVSS5.6AI score0.00169EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1620

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS5.8AI score0.00816EPSS
Exploits0References1
osv
osv
added 2026/05/21 9:24 p.m.9 views

GHSA-7P85-W9PX-JPJP Twig: PHP code injection via `{% use %}` template name

Description Compiler::string escapes ", $, , NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In ModuleNode::compileConstructor, the template name from a % use % tag is compiled via subcompile - string and placed inside a surrounding PHP...

9.3CVSS6.2AI score0.00642EPSS
Exploits0References4
github
github
added 2026/05/21 9:24 p.m.29 views

Twig: PHP code injection via `{% use %}` template name

Description Compiler::string escapes ", $, , NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In ModuleNode::compileConstructor, the template name from a % use % tag is compiled via subcompile - string and placed inside a surrounding PHP...

9.8CVSS6.2AI score0.00642EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.16 views

PT-2026-45157

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The TwigProfilerDumperHtmlDumper component fails to escape the output of Profile::getTemplate and Profile::getName when writing to HTML. If an attacker can control the template name—which may...

5.1CVSS5.5AI score0.00169EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.12 views

PT-2026-42174

Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description When a sandbox is enabled selectively via SourcePolicyInterface rather than globally, a sandboxed template permitted to use template from string and include can render an arbitrary inner template witho...

7.7CVSS6AI score0.00419EPSS
Exploits0References15
nvd
nvd
added 2026/04/16 7:16 a.m.6 views

CVE-2026-1620

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS0.00816EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/04/16 12:0 a.m.13 views

WordPress plugin Livemesh Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

8.8CVSS5.8AI score0.00816EPSS
Exploits0References1
osv
osv
added 2026/03/27 6:22 p.m.5 views

GHSA-XJPJ-3MR7-GCPF Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

8.2CVSS6AI score0.00291EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.9 views

PT-2026-28573

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...

8.2CVSS6.1AI score0.00291EPSS
Exploits1References16
redhatcve
redhatcve
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
euvd
euvd
added 2026/03/11 12:11 a.m.5 views

EUVD-2026-10909

django-unicorn affected by component state manipulation via unvalidated attribute access...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
cve
cve
added 2026/03/10 9:7 p.m.21 views

CVE-2026-31815

CVE-2026-31815 affects django-unicorn prior to 0.67.0. The issue stems from missing access control checks during property updates and method calls, allowing an attacker to bypass _is_public protection and modify internal attributes (e.g., template_name) or trigger protected methods. Fixed in 0.67...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/03/10 9:7 p.m.30 views

CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS0.0021EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/10 9:7 p.m.2 views

CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
osv
osv
added 2026/03/02 9:26 p.m.5 views

GHSA-37J7-56XC-C468 Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...

8.6CVSS6.3AI score0.00673EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/02/25 12:0 a.m.8 views

PT-2026-21937

Name of the Vulnerable Software and Affected Versions feiyuchuixue sz-boot-parent versions through 1.3.2-beta Description A security issue exists in feiyuchuixue sz-boot-parent. The issue affects an unknown part of the file /api/admin/common/download/templates within the API component. Manipulati...

5.3CVSS5.8AI score0.00325EPSS
Exploits0References10
Rows per page
Query Builder