Lucene search
+L

13391 matches found

CVE
CVE
added yesterday17 views

CVE-2026-48819

CVE-2026-48819 affects the Hey API openapi-ts code generator. Prior to version 0.97.3, the generated template in dist/clients/core/params.ts copies a runtime template into SDKs (params.gen.ts). The function buildClientParams writes unknown keys with slot prefixes (notably $query_) directly into s...

4.8CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday11 views

CVE-2026-48819 Hey API: `buildClientParams` template: prototype chain substitution via unknown `$<slot>___proto__` key

Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body, $headers, $path, and $query...

4.8CVSS
Exploits0References4
Nuclei
Nuclei
added yesterday55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS7AI score0.017EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2 days ago2 views

SUSE CVE-2026-54463

unknown...

5.2AI score
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44951

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decodeunknownfield function in buffa's protobuf decoder allocated heap memory in proportion to untrusted input unknown fields in the serialized protobuf without enforcing an...

6.3CVSS6.1AI score0.00565EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-55407

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decodeunknownfield function in buffa's protobuf decoder allocated heap memory in proportion to untrusted input unknown fields in the serialized protobuf without enforcing an...

6.3CVSS6.1AI score0.00565EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-15909

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kdcs leads to authorization bypass. The attack is possible to be carried out remotely. This produ...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-60602

Name of the Vulnerable Software and Affected Versions Quicly versions prior to commit 8b178e6 Description Quicly is vulnerable to a Denial of Service DoS attack caused by connection state corruption. While the QUIC version 1 protocol restricts Connection IDs CID to 20 bytes, the packet decoder in...

7.5CVSS6AI score0.00278EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 3 days ago2 views

SUSE CVE-2026-44891

unknown...

5.2AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago2 views

SUSE CVE-2026-50163

unknown...

5.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 4 days ago12 views

CVE-2026-46627

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS6.1AI score0.00385EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago11 views

CVE-2026-46628

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.4CVSS6.1AI score0.00169EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago9 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS6.1AI score0.00302EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago16 views

CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

8.1CVSS6.1AI score0.00265EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago11 views

CVE-2026-46639

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...

7.1CVSS6.1AI score0.00351EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago14 views

CVE-2026-46633

Twig is a template language for PHP. Prior to 3.26.0, Compiler::string does not escape single quotes when a template name from a % use % tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the...

9.8CVSS6.2AI score0.00642EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago17 views

CVE-2026-47732

Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed, allowing a sandboxed template author to invoke toString on objects reachable in the render context...

7.1CVSS6.1AI score0.0036EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-15752

CVE-2026-15752 affects the backend user endpoint of zhinianboke xianyu-auto-reply, specifically an issue in an unknown function under the file path /api/v1/users/ that permits remote manipulation leading to missing authorization. The vulnerability is linked to a rolling-release project with no pu...

7.5CVSS6.5AI score0.00297EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 4 days ago12 views

CVE-2026-45071

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent set DOMDocument::$validateOnParse = true before loadXML, re-enabling external entity resolution and allowing attacker-supplied XML ...

8.7CVSS6.1AI score0.00462EPSS
Exploits0References2
OSV
OSV
added 4 days ago8 views

UBUNTU-CVE-2026-48736

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATESUBNETS omitted IPv6 transition prefixes such as 6to4, NAT64, Teredo, and IPv4-compatible IPv6, allowi...

8.6CVSS6.1AI score0.0046EPSS
Exploits0References5
Rows per page
Query Builder