Lucene search
K

145 matches found

NVD
NVD
added 2026/06/23 3:16 p.m.10 views

CVE-2026-28496

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS0.01892EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 2:20 p.m.10 views

EUVD-2026-38455

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS6.4AI score0.01892EPSS
Exploits1References3
OSV
OSV
added 2026/06/12 3:4 p.m.6 views

GHSA-6JQ6-X4CX-QVCM Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.1CVSS5.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.11 views

Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)

Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...

5.5AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/27 5:41 p.m.10 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in the SandboxNodeVisitor that allows toString policy bypass via Traversable in join/replace filte...

6CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:41 p.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated twigarraysome, twigarrayevery, and twigcheckarrowinsandbox helper functions. An attacker can bypass the sandbox callback...

4.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:41 p.m.7 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via dynamic mapping key handling in ArrayExpression. An attacker can bypass the sandbox toString restrictions by using a stringable object as a...

3.1CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46633 Note that Nessus relies on the presence of the package as reported by the vendo...

5.8AI score0.00357EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 9:41 a.m.6 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via object-destructuring assignment handling in ObjectDestructuringSetBinary::compile. An attacker can bypass Twig sandbox property and method...

6.4CVSS5.9AI score0.00082EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 9:41 a.m.7 views

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.expr dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...

9.8CVSS6.1AI score0.00056EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 9:41 a.m.9 views

Cross-site Scripting (XSS)

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spaceless filter registered with issafe = 'html'. An attacker can execute arbitrary HTML or JavaScript by supplying crafted markup to...

6.1CVSS5.8AI score0.00056EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 8:18 p.m.8 views

phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTERSANITIZESPECIALCHARS which HTML-encodes input, then immediately call htmlentitydecode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...

5.4CVSS6.1AI score0.00153EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/04/21 8:17 p.m.8 views

CVE-2026-40878

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS0.00805EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 7:21 p.m.31 views

CVE-2026-40878 mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS0.00805EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/14 1:6 a.m.12 views

Kimai leaks API Token Hash via Invoice Twig Template

Summary The Twig sandbox used for invoice templates blocks certain sensitive User methods password, TOTP secret, etc. via a blocklist in StrictPolicy::checkMethodAllowed. However, getApiToken and getPlainApiToken are not on the blocklist. An admin who creates an invoice template can embed calls t...

5.9AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/10 6:32 p.m.19 views

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3CVSS0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 6:32 p.m.3 views

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:43 p.m.1 views

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

6.4CVSS5.8AI score0.00262EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.4 views

CVE-2026-4257

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

9.8CVSS6.2AI score0.41475EPSS
Exploits7References1
NVD
NVD
added 2026/03/30 10:16 p.m.4 views

CVE-2026-4257

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

9.8CVSS0.41475EPSS
Exploits7References3
Rows per page
Query Builder