Lucene search
K

231 matches found

CVE
CVE
added yesterday20 views

CVE-2026-47732

Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...

7.1CVSS6.1AI score0.00044EPSS
Exploits0References3
Nuclei
Nuclei
added 4 days ago82 views

Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...

9.8CVSS7.2AI score0.89738EPSS
Exploits1References2
OSV
OSV
added last week3 views

CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

5.3CVSS6.1AI score0.00358EPSS
Exploits1References5
CVE
CVE
added 2026/07/07 10:23 p.m.13 views

CVE-2026-55076

Coder’s CVE-2026-55076 describes an OIDC callback flaw where the email_verified claim was checked with a direct Go bool assertion. If an IdP returns a non-boolean value (e.g., "false") or omits the claim, the check can pass incorrectly, in combination with an unconditional email-based account fal...

7.4CVSS6AI score0.00479EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/07/07 10:23 p.m.28 views

CVE-2026-55076 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS0.00479EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:23 p.m.7 views

CVE-2026-55076 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS6AI score0.00479EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/07 10:23 p.m.6 views

CVE-2026-55076

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS6AI score0.00479EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/07/06 8:50 p.m.5 views

GHSA-75VM-6W67-GWVP Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 8:50 p.m.6 views

Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56066

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists in the OIDC callback where the email verified claim is checked using a direct Go bool type...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References13
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.82 views

Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForSingleFile endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC...

9.8CVSS7.4AI score0.88518EPSS
Exploits1References2
OSV
OSV
added 2026/06/30 6:43 p.m.8 views

GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/30 6:42 p.m.3 views

GHSA-5V5V-WW74-355V Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. In 3.26.0 the sandbox visitor was extended to wrap every child node that its parent will string-coerce at runtime with CheckToStringNode, gated by the new...

7.1CVSS5.8AI score
Exploits0References5
EUVD
EUVD
added 2026/06/25 1:12 p.m.4 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48678

Name of the Vulnerable Software and Affected Versions tmp version 0.2.6 Description A type-confusion issue exists in the assertPath guard. The guard only rejects string values containing the substring .., allowing it to be bypassed when prefix, postfix, or template are supplied as non-string valu...

8.2CVSS5.2AI score0.00496EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/06/05 9:47 p.m.13 views

Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

7.1CVSS5.4AI score0.00044EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/05 9:47 p.m.10 views

GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

7.1CVSS5.5AI score0.00044EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS4.6AI score0.00389EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/20 9:41 a.m.13 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via incomplete CheckToStringNode enforcement in SandboxNodeVisitor. An attacker can invoke toString on arbitrary objects reachable from the...

7.4CVSS5.9AI score0.00044EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

An integer coercion error was detected in the openvswitch kernel module. When there are a sufficient number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected. This could potentially lead to an...

7.8CVSS6.7AI score0.00812EPSS
Exploits5References2
Rows per page
Query Builder