2443 matches found
CVE-2026-46640
A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a vulnerability in the self. and import-alias dynamic attribute syntax. By concatenating a malicious string into a MacroReferenceExpression name without proper validation, the attacker can cause r...
SAS/Internet 9.4 1520 - Local File Inclusion
SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...
CVE-2026-46640
Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...
CVE-2026-46640
CVE-2026-46640 — Twig (PHP template engine) : The issue affects Twig 3.15.0 through 3.26.0 where _self.() and import-alias dynamic attribute syntax can concatenate attacker-controlled strings into a MacroReferenceExpression name, bypassing identifier validation and causing raw PHP to be emitted a...
CVE-2026-46640 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...
HTTP File Server <2.3c - Remote Command Execution
HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...
SUSE-SU-2026:2584-1 Security update for exiv2
This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace listforeachentrysafe when using giveback The listforeachentrysafe macro saves the current item n and the item after n+1, so that n can be safely removed without corrupting the list. However, when...
CVE-2026-46540
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-46540
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-46543
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of LightBlockchain::rebranch, which only updated self.head when a fork chain was adopted, without updating...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.5.0 contained a security vulnerability. This vulnerability occurred when processing RequestBatchSet messages that contained the hash of the genesis block, causing Policy::macroblockbefore to cra...
CVE-2026-46543
CVE-2026-46543 (Nimiq blockchain) affects the Rust implementation
CVE-2026-46543 nimiq-blockchain: Genesis batch set request
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...
CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
EUVD-2026-35881
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-46540
Nimiq light-blockchain (Rust, Albatross) had a bug in LightBlockchain::rebranch() before v1.4.0: when forking to a macro-block tip (checkpoint or election), it updated only head and did not refresh macro_head, election_head, current_validators, or store the election header. This mismatch with the...
CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...