Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via template name handling in the % use % tag compilation path. An attacker can execute arbitrary PHP code by supplying a crafted template nam...

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

PT-2026-39710

Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description Top-level programs loaded from a file using the '-f' flag are truncated at the first embedded NUL byte. A specially crafted filter file containing a NUL byte followed by an arbitrary suffix will compil...

PCRE 缓冲区错误漏洞

PCRE is an open source regular expression library written in C by the individual developer Philip Hazel. A security vulnerability exists in PCRE. An attacker can exploit this vulnerability to trigger a denial of service or obtain sensitive information by forcing a read of an invalid memory addres...