Lucene search
+L

13244 matches found

Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-60210

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...

8.8CVSS6.1AI score0.00136EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

DEBIAN-CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00414EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS0.00414EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

9.1CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

7.5CVSS0.0026EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2026-48806

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

9.1CVSS0.00238EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-47732

Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed, allowing a sandboxed template author to invoke toString on objects reachable in the render context...

7.1CVSS0.0036EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-47730

Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName into HTML output without escaping, allowing attacker-controlled template or profile names to inject arbitrary HTML when a browser renders the profiler dum...

5.4CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

8.1CVSS0.00265EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-46637

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...

5.4CVSS0.00175EPSS
Exploits0References4
NVD
NVD
added 3 days ago5 views

CVE-2026-46635

Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP arraycolumn, which reads public and magic properties without reaching CoreExtension::getAttribute or SandboxExtension::checkPropertyAllowed, allowing an untrusted template author with column in...

5.3CVSS0.00297EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-46634

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

9.8CVSS0.00419EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-46640

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.8CVSS0.00405EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS0.00302EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-46633

Twig is a template language for PHP. Prior to 3.26.0, Compiler::string does not escape single quotes when a template name from a % use % tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the...

9.8CVSS0.00642EPSS
Exploits0References4
NVD
NVD
added 3 days ago4 views

CVE-2026-46627

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS0.00385EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-46628

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.4CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-42049

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the...

8.4CVSS0.00151EPSS
Exploits0References3
CVE
CVE
added 3 days ago19 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS6.1AI score0.00414EPSS
Exploits0References3Affected Software1
OSV
OSV
added 3 days ago4 views

CVE-2026-49981 Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00414EPSS
Exploits0References5
Rows per page
Query Builder