34 matches found
PYSEC-2026-909 pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)
An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...
PT-2026-50449
Name of the Vulnerable Software and Affected Versions JazzCore python-pdfkit version 1.0.0 Description The from string function allows the execution of JavaScript code within the server application context, which can lead to the exfiltration of local files. Recommendations At the moment, there is...
CVE-2025-26240
The CVE-2025-26240 entry affects JazzCore’s python-pdfkit 1.0.0, where the from_string method allows JavaScript to execute within the server context and enables exfiltration of local files. This indicates a server-side execution vector with high impact on confidentiality, integrity, and availabil...
CVE-2025-26240
In JazzCore python-pdfkit 1.0.0, the fromstring method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files...
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...
GHSA-24X9-R6Q4-Q93W Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...
PT-2026-42583
Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call template from string and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...
Incorrect Authorization
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via Environment::createTemplate when sandboxing is enabled selectively through SourcePolicyInterface. An attacker can bypass Twig sandbox...
PT-2026-42174
Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description When a sandbox is enabled selectively via SourcePolicyInterface rather than globally, a sandboxed template permitted to use template from string and include can render an arbitrary inner template witho...
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...
📄 V8 StringToBigInt Memory Corruption Sandbox Bypass
V8 suffers from a sandbox bypass vulnerability due to memory corruption during StringToBigInt conversion. The function v8::internal::StringToBigInt is used by V8 when converting a string to a BigInt e.g. via BigInt“1337”. It first parses the string into individual digitt’s in the...
CVE-2026-30662
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
CVE-2026-29795
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...
DEBIAN-CVE-2025-34451
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxyfromstring located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password...
EUVD-2024-53516
Malicious code in bioql PyPI...
Prototype Pollution
module-from-string is vulnerable to Prototype pollution. The vulnerability is due to improper handling of user-supplied input in the lib.requireFromString function, allowing attackers to supply a crafted payload, leading to a Denial of Service DoS...
CVE-2024-57072
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
@alvori/app (>=1.0.0-beta.11 <=1.0.0-beta.12), @chumager/itdfw (>=5.5.0 <=5.5.3) +113 more potentially affected by CVE-2024-57072 via module-from-string (>=2.3.0 <=3.3.1)
module-from-string NPM version =2.3.0, =1.0.0-beta.11, =5.5.0, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.1.9 and more Source cves: CVE-2024-57072 Source advisory: OSV:GHSA-Q5J8-9M9G-X2JH...
GHSA-Q5J8-9M9G-X2JH module-from-string prototype pollution
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
module-from-string prototype pollution
A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...