Lucene search
+L

290 matches found

OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS0.00362EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

UBUNTU-CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References5
CVE
CVE
added 4 days ago21 views

CVE-2026-49981

Twig is a template language for PHP. CVE-2026-49981 affects Twig up to version 3.26.x, where the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can be cached after sandbox state changes between renders. This can allow a later sand...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-49981 Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00362EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/11 1:1 p.m.8 views

EUVD-2026-43177

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/07/11 1:1 p.m.4 views

CVE-2026-61428 PraisonAI AgentMail before 4.6.78 Message Injection via Webhook

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

6.9CVSS6.2AI score0.00246EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/07/11 12:22 a.m.110 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.1AI score0.98124EPSS
Exploits6References5
OSV
OSV
added 2026/07/07 4:52 p.m.7 views

GO-2026-5681 Hugo: security.http.urls allow-list bypass via HTTP redirects in github.com/gohugoio/hugo

Hugo: security.http.urls allow-list bypass via HTTP redirects in github.com/gohugoio/hugo...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 7:42 p.m.21 views

CVE-2026-50134

CVE-2026-50134 (Hugo) affects Hugo versions 0.91.0 through 0.161.1, where resources.GetRemote did not re-validate intermediate URLs on HTTP 3xx redirects despite enforcing security.http.urls on the initial URL. This allowed a redirect to an allowed host (or an attacker-controlled DNS/response) th...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 7:42 p.m.4 views

CVE-2026-50134 Hugo: security.http.urls allow-list bypass via HTTP redirects

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook and migration allow-list filtering process. An attacker can access internal network resources or sensitive endpoints by crafting requests that bypass the intended filtering. Remediation...

9.6CVSS7.2AI score0.00464EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.47 views

CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS0.00464EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-22874

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS5.9AI score0.00464EPSS
Exploits1References6
CVE
CVE
added 2026/07/03 8:19 p.m.26 views

CVE-2026-22874

Gitea up to version 1.26.2 has incomplete SSRF protection in webhook and migration allow-list filtering (CVE-2026-22874). Affected: Gitea 1.26.x prior to 1.26.3. The issue exposes SSRF risk due to insufficient filtering in webhook and migration allow-list mechanisms. Patches addressing this belon...

9.6CVSS7.1AI score0.00464EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/07/01 6:55 p.m.7 views

Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Description The per-template filter, tag and function allow-list check is compiled into the checkSecurity method of each Template subclass and was invoked once from the constructor, gated by SandboxExtension::isSandboxed$source. Template instances are then cached on the Environment in...

8.2CVSS5.7AI score0.00362EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 9:32 a.m.23 views

CVE-2026-12142

CVE-2026-12142 affects the NEX-Forms – Ultimate Forms Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the internal parameter named '_name[]' , present in all versions up to and including 9.2.2 . Root cause: insufficient input sanitization and output escaping, co...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
CVE
CVE
added 2026/06/30 3:54 p.m.28 views

CVE-2026-58172

CVE-2026-58172 affects Ocelot up to version 24.1.0. A security control bypass allows denied clients to bypass IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen omits SecurityMiddleware, causing requests from blocked IP...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2627-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2627-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

7.4CVSS5.9AI score0.00394EPSS
Exploits4References13
EUVD
EUVD
added 2026/06/25 3:53 p.m.7 views

EUVD-2026-39463

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS6AI score0.0014EPSS
Exploits1References1
Rows per page
Query Builder