Lucene search
K

199 matches found

NVD
NVD
added yesterday6 views

CVE-2026-48806

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday36 views

CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday29 views

CVE-2026-48806

Twig’s vulnerability CVE-2026-48806 concerns dynamic mapping keys in ArrayExpression not being wrapped for string coercion, allowing PHP to call __toString() on a Stringable key without SandboxExtension::ensureToStringAllowed(). The issue affects Twig

7.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday33 views

CVE-2026-48806 Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday32 views

CVE-2026-47732 Twig Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed, allowing a sandboxed template author to invoke toString on objects reachable in the render context...

7.1CVSS0.00044EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/23 9:21 p.m.9 views

jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

Impact Potential Denial-of-Service when attacker sends deeply nested JSON if and only if service: 1. Reads deeply nested 1000s of levels JSON as JsonNode ObjectMapper.readTree 2. Writes out same or modifided node using JsonNode.toString which can consume significant amount of resources with...

7.5CVSS5.8AI score0.00616EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/23 9:21 p.m.8 views

GHSA-3WRR-7QPF-2PRH jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

Impact Potential Denial-of-Service when attacker sends deeply nested JSON if and only if service: 1. Reads deeply nested 1000s of levels JSON as JsonNode ObjectMapper.readTree 2. Writes out same or modifided node using JsonNode.toString which can consume significant amount of resources with...

6.3CVSS5.8AI score0.00616EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 9:17 p.m.17 views

CVE-2026-50193

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

7.5CVSS0.00616EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/23 9:0 p.m.34 views

CVE-2026-50193 jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

6.3CVSS0.00616EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 9:0 p.m.1 views

CVE-2026-50193 jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

6.3CVSS6AI score0.00616EPSS
Exploits1References5
OSV
OSV
added 2026/06/23 3:7 p.m.2 views

CVE-2026-55766 guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

4.8CVSS6AI score0.00158EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.10 views

ts-deepmerge: Prototype Method Override leads to DoS

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/19 6:17 a.m.12 views

CVE-2026-12644

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS0.00308EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 5:0 a.m.13 views

EUVD-2026-37991

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:0 a.m.37 views

CVE-2026-12644

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS0.00308EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/11 6:7 p.m.11 views

Improper Authorization

Twig is vulnerable to Improper Authorization. The vulnerability is due to incomplete enforcement of sandbox security checks for implicit toString calls, which allows an attacker to invoke non-allowlisted toString methods on accessible objects and bypass configured security policies...

7.1CVSS5.5AI score0.00044EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.20 views

CVE-2026-9358

A flaw was found in postcss. A remote attacker could exploit a vulnerability in the toString function of the AST Serialization component by executing a manipulation, leading to uncontrolled recursion. This uncontrolled recursion can result in a Denial of Service DoS condition, making the affected...

5.3CVSS6AI score0.00325EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/03 4:10 p.m.2 views

postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization

A flaw was found in postcss. A remote attacker could exploit a vulnerability in the toString function of the AST Serialization component by executing a manipulation, leading to uncontrolled recursion. This uncontrolled recursion can result in a Denial of Service DoS condition, making the affected...

5.3CVSS6AI score0.00325EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/24 7:39 a.m.17 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9CVSS5.8AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 7:39 a.m.27 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9CVSS4.9AI score0.00325EPSS
Exploits0References2
Rows per page
Query Builder