Lucene search
+L

1095 matches found

nvd
nvd
added 2 days ago8 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS0.00235EPSS
Exploits0References2
cve
cve
added 2 days ago28 views

CVE-2026-48807

CVE-2026-48807 - Twig sandbox bypass via Traversable in join/replace and in/not in operators Affected: Twig template engine for PHP (prior to 3.27.0). Issue: The sandboxed __toString() checks fail to fully cover Traversable values passed to join and replace filters or operands evaluated by in/not...

7.1CVSS6.1AI score0.00235EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago38 views

CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS0.00235EPSS
Exploits0References2
attackerkb
attackerkb
added last week7 views

CVE-2026-59216

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS6AI score0.00308EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/07/08 1:51 p.m.33 views

CVE-2026-60092 AVideo - Stored Cross-Site Scripting via Unescaped User-Agent in Participants Panel

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS0.002EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/08 1:51 p.m.6 views

CVE-2026-60092

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score0.002EPSS
Exploits0References4
cve
cve
added 2026/07/08 1:51 p.m.10 views

CVE-2026-60092

The CVE-2026-60092 entry describes a stored cross-site scripting vulnerability in the AVideo Meet plugin. When a participant joins a public meeting, the raw HTTP User-Agent header is stored in meet_join_log.user_agent without sanitization and later echoed in the Participants management panel (vis...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/07 3:9 p.m.33 views

CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
cve
cve
added 2026/07/07 3:9 p.m.15 views

CVE-2026-56811

The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References7Affected Software1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.10 views

PT-2026-56201

Name of the Vulnerable Software and Affected Versions phoenix versions 0.11.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description An unauthenticated attacker can cause a denial of service agains...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References19
osv
osv
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1010 Missing validation causes denial of service via `Conv3DBackpropFilterV2`

Impact The implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.strings.unsortedsegmentjoin inputs='123', segmentids=0, numsegments=-1...

5.5CVSS6.2AI score0.00346EPSS
Exploits1References13
osv
osv
added 2026/06/30 6:43 p.m.8 views

GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References5
github
github
added 2026/06/30 6:43 p.m.9 views

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/06/30 11:20 a.m.7 views

EUVD-2026-40295

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.14 views

PT-2026-53847

Name of the Vulnerable Software and Affected Versions DBIx::QuickORM versions prior to 0.000026 Description An issue exists where SQL identifiers are emitted verbatim into generated queries without proper quoting or escaping. This occurs because the default SQL builder, a SQL::Abstract subclass,...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References7
osv
osv
added 2026/06/27 12:2 a.m.7 views

GHSA-FR4H-3CPH-29XV pnpm: Hoisted install imports lockfile alias outside node_modules

Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases suc...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References2
nvd
nvd
added 2026/06/25 9:16 p.m.9 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/25 8:46 p.m.25 views

CVE-2026-56445 pydicom pynetdicom Library Path Traversal

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/25 8:46 p.m.6 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/25 8:46 p.m.4 views

CVE-2026-56445 pydicom pynetdicom Library Path Traversal

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

8.8CVSS6AI score0.00434EPSS
Exploits0References5
Rows per page
Query Builder