Lucene search
+L

713 matches found

nvd
nvd
added 2 days ago7 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS0.0026EPSS
Exploits0References3
cve
cve
added 2 days ago22 views

CVE-2026-46629

Twig: twig/intl-extra memoises IntlDateFormatter and NumberFormatter in unbounded per-template arguments, causing potential unbounded memory growth in long-running environments. Affected prior to 3.26.0; fix is to upgrade to Twig 3.26.0 or later (formatter caches bounded with FIFO). Debian adviso...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2 days ago32 views

CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

5.3CVSS0.0026EPSS
Exploits0References3
redhat
redhat
added 5 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.97.0-1.1.hum1 aarch64, x8664 clippy-1.97.0-1.1.hum1 aarch64, x8664 rust-1.97.0-1.1.hum1 aarch64, x8664 rust-analyzer-1.97.0-1.1.hum1 aarch64, x8664...

8.7CVSS6.6AI score0.00445EPSS
Exploits1References4
euvd
euvd
added 5 days ago5 views

EUVD-2026-43089

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

6.1AI score0.00414EPSS
Exploits0References2
euvd
euvd
added 5 days ago7 views

EUVD-2026-43051

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

6.1AI score0.00386EPSS
Exploits0References2
nvd
nvd
added 6 days ago6 views

CVE-2026-15086

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

5.9CVSS0.00414EPSS
Exploits0References1
nvd
nvd
added 6 days ago4 views

CVE-2026-12535

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

9.8CVSS0.00386EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

0.00414EPSS
Exploits0References1
cve
cve
added 6 days ago7 views

CVE-2026-15086

Technical details about CVE-2026-15086 are not publicly available in the provided documents. Monitor for updates from official advisories and vulnerability feeds.

5.9CVSS6.1AI score0.00414EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago30 views

CVE-2026-12535 Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

0.00386EPSS
Exploits0References1
osv
osv
added 6 days ago3 views

CVE-2026-12535 Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References5
cve
cve
added 6 days ago17 views

CVE-2026-12535

CVE-2026-12535 concerns the Drupal Formatter Field module, where the vulnerability arises from storing data as PHP-serialized strings and exposing a risk of object injection when malicious data is written to the formatter_field. The affected versions span 0.0.0 through 2.0.0. The root cause invol...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1
drupal
drupal
added 2026/07/08 12:0 a.m.7 views

Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.9AI score0.00414EPSS
Exploits0References2
osv
osv
added 2026/07/07 9:17 p.m.3 views

DEBIAN-CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.3AI score0.00197EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 8:46 p.m.31 views

CVE-2026-53511 calibre: Arbitrary Code Execution in Template Formatter via Book Metadata

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS0.00197EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/07 8:46 p.m.5 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/07/01 4:16 p.m.10 views

CVE-2026-58037

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

6.1CVSS0.0027EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 2:51 p.m.6 views

CVE-2026-58037

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

5.8AI score0.0027EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/01 2:51 p.m.34 views

CVE-2026-58037 Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

0.0027EPSS
Exploits0References1
Rows per page
Query Builder