2428 matches found
SUSE CVE-2026-7836
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...
Linux Distros Unpatched Vulnerability : CVE-2026-33378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impac...
Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016771)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016771 advisory. An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsxvalloc macro that wraps malloc. Whe...
GHSA-45VW-WH46-2VX8 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...
Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...
CVE-2026-7836
A flaw was found in Netatalk. A remote attacker with low privileges could exploit a bug in the hextoint macro related to uppercase characters. This vulnerability could lead to a low impact on data integrity...
CVE-2026-7836
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...
CVE-2026-7836
CVE-2026-7836 affects Netatalk 2.0.0–4.4.2. The vulnerability is caused by an incorrect calculation in the hextoint macro due to improper uppercase character handling. This can allow a remote authenticated attacker to cause limited data modification via crafted hexadecimal input. A fix is availab...
CVE-2026-7836 hextoint macro uppercase bug
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...
CVE-2026-7836
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...
CVE-2026-7836
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...
Netatalk 安全漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...
Linux Distros Unpatched Vulnerability : CVE-2026-46640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Arbitrary PHP code execution via self. macro-reference compilation CVE-2026-46640 Note that Nessus relies on the presence of the package as reported by th...
PT-2026-42692
Name of the Vulnerable Software and Affected Versions Twig versions 3.15.0 through 3.x Description The obj.expr dynamic-attribute syntax allows the attribute to be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, the...
PT-2026-42591
Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...
PT-2026-42431
Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An incorrect calculation in the hextoint macro occurs due to improper handling of uppercase characters. This allows a remote authenticated attacker to cause limited data modification by providi...
PT-2026-42644
Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...
Arbitrary Code Injection
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.expr dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...
Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
More info at https://symfony.com/cve-2026-46640...