Lucene search
K

2443 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-46640

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a vulnerability in the self. and import-alias dynamic attribute syntax. By concatenating a malicious string into a MacroReferenceExpression name without proper validation, the attacker can cause r...

8.7CVSS6.4AI score0.00335EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday72 views

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7AI score0.07845EPSS
Exploits1References4
NVD
NVD
added 2 days ago5 views

CVE-2026-46640

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.7CVSS0.00335EPSS
Exploits0References3
CVE
CVE
added 2 days ago39 views

CVE-2026-46640

CVE-2026-46640 — Twig (PHP template engine) : The issue affects Twig 3.15.0 through 3.26.0 where _self.() and import-alias dynamic attribute syntax can concatenate attacker-controlled strings into a MacroReferenceExpression name, bypassing identifier validation and causing raw PHP to be emitted a...

8.7CVSS6.1AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-46640 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.7CVSS0.00335EPSS
Exploits0References3
Nuclei
Nuclei
added 3 days ago44 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS7.3AI score0.99323EPSS
Exploits23References5
OSV
OSV
added 2026/06/23 1:27 p.m.3 views

SUSE-SU-2026:2584-1 Security update for exiv2

This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...

8.1CVSS6.6AI score0.01104EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace listforeachentrysafe when using giveback The listforeachentrysafe macro saves the current item n and the item after n+1, so that n can be safely removed without corrupting the list. However, when...

5.5CVSS6AI score0.00252EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 12:16 a.m.19 views

CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS0.00259EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 12:16 a.m.13 views

CVE-2026-46543

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...

5.3CVSS0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of LightBlockchain::rebranch, which only updated self.head when a fork chain was adopted, without updating...

6.5CVSS5.4AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.5.0 contained a security vulnerability. This vulnerability occurred when processing RequestBatchSet messages that contained the hash of the genesis block, causing Policy::macroblockbefore to cra...

5.3CVSS5.3AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 11:47 p.m.26 views

CVE-2026-46543

CVE-2026-46543 (Nimiq blockchain) affects the Rust implementation

5.3CVSS5.5AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 11:47 p.m.2 views

CVE-2026-46543 nimiq-blockchain: Genesis batch set request

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...

5.3CVSS6AI score0.00291EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 11:45 p.m.35 views

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS0.00259EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:45 p.m.9 views

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 11:45 p.m.11 views

EUVD-2026-35881

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:45 p.m.24 views

CVE-2026-46540

Nimiq light-blockchain (Rust, Albatross) had a bug in LightBlockchain::rebranch() before v1.4.0: when forking to a macro-block tip (checkpoint or election), it updated only head and did not refresh macro_head, election_head, current_validators, or store the election header. This mismatch with the...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 11:45 p.m.3 views

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder