4 matches found

OSV
added 2026/06/05 9:47 p.m., 7 views

GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description: SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

AI score 5.5, EPSS 0.00044
Exploits: 0, References: 5
Positive Technologies
added 2026/03/05 12:00 a.m., 6 views

PT-2026-23618

Name of the Vulnerable Software and Affected Versions: Plane versions prior to 1.2.3. Description: The webhook URL validation in plane/app/serializers/webhook.py only checks if the IP address is loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private or internal...

CVSS 8.5, AI score 5.8, EPSS 0.00284
Exploits: 0, References: 7
OSV
added 2016/07/13 2:00 a.m., 4 views

CVE-2016-4215

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors...

CVSS 9.8, AI score 5.9, EPSS 0.05728
Exploits: 0, References: 3
OSV
added 2016/07/12 1:59 a.m., 3 views

CVE-2016-1445

Cisco Adaptive Security Appliance ASA Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes...

CVSS 5.3, AI score 5.8, EPSS 0.01286
Exploits: 0, References: 3