Lucene search
K

2428 matches found

SUSE CVE
SUSE CVE
added 2026/05/22 2:21 a.m.15 views

SUSE CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-33378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impac...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016771 advisory. An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsxvalloc macro that wraps malloc. Whe...

5.5CVSS6AI score0.01693EPSS
Exploits0References4
OSV
OSV
added 2026/05/21 9:31 p.m.8 views

GHSA-45VW-WH46-2VX8 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

8.7CVSS6AI score0.00056EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/21 9:31 p.m.17 views

Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

6AI score0.00056EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 7:38 p.m.11 views

nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9CVSS5.8AI score0.0015EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/21 1:12 p.m.10 views

CVE-2026-7836

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a bug in the hextoint macro related to uppercase characters. This vulnerability could lead to a low impact on data integrity...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 8:16 a.m.16 views

CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:35 a.m.24 views

CVE-2026-7836

CVE-2026-7836 affects Netatalk 2.0.0–4.4.2. The vulnerability is caused by an incorrect calculation in the hextoint macro due to improper uppercase character handling. This can allow a remote authenticated attacker to cause limited data modification via crafted hexadecimal input. A fix is availab...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:35 a.m.48 views

CVE-2026-7836 hextoint macro uppercase bug

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS0.00257EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:35 a.m.6 views

CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.14 views

CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Arbitrary PHP code execution via self. macro-reference compilation CVE-2026-46640 Note that Nessus relies on the presence of the package as reported by th...

6.2AI score0.00056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42692

Name of the Vulnerable Software and Affected Versions Twig versions 3.15.0 through 3.x Description The obj.expr dynamic-attribute syntax allows the attribute to be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, the...

8.7CVSS5.4AI score0.00056EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42591

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

8.7CVSS6AI score0.00056EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42431

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An incorrect calculation in the hextoint macro occurs due to improper handling of uppercase characters. This allows a remote authenticated attacker to cause limited data modification by providi...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42644

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

5.3CVSS5.8AI score
Exploits0References6
Snyk
Snyk
added 2026/05/20 9:41 a.m.7 views

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.expr dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...

9.8CVSS6.1AI score0.00056EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.17 views

Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

More info at https://symfony.com/cve-2026-46640...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Rows per page
Query Builder