Lucene search
+L

7857 matches found

NVD
NVD
added 19 hours ago5 views

CVE-2026-62235

Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added 21 hours ago11 views

CVE-2026-62235 Grav Flex-Objects < 1.4.3 Authorization Bypass via API

Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create...

6.3CVSS
Exploits0References2
CVE
CVE
added 21 hours ago10 views

CVE-2026-62235

CVE-2026-62235 affects Grav Flex-Objects

6.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 21 hours ago8 views

EUVD-2026-45081

Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create...

6.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-44969

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00044EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References7
NVD
NVD
added 2 days ago6 views

CVE-2026-58655

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS0.01084EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44633

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score0.01084EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.7CVSS6.3AI score0.01084EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS0.01084EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-58655

The CVE concerns Grav’s Flex Objects plugin (getgrav/grav-plugin-flex-objects) prior to version 1.4.0. It enables a stored server-side template injection when rendering dynamic collection/object titles by passing user-controlled frontmatter (page.header.flex.collection.title or page.header.flex.o...

8.8CVSS6.3AI score0.01084EPSS
Exploits0References2
NVD
NVD
added 3 days ago9 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

9.1CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS0.00302EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-59732 rclone archive extract allows S3 destination prefix escape via crafted archive paths

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00144EPSS
Exploits1References6
CVE
CVE
added 3 days ago34 views

CVE-2026-48807

Twig: The vulnerability CVE-2026-48807 affects Twig templates in PHP prior to 3.27.0 where sandbox __toString() checks do not fully cover Traversable values passed to join/replace filters or in/not in operators, allowing contained Stringable objects to be coerced to strings without sandbox policy...

9.1CVSS6.1AI score0.00235EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago32 views

CVE-2026-48806

Twig (PHP) prior to 3.27.0 is vulnerable to a Sandbox __toString() policy bypass via dynamic mapping keys in ArrayExpression. The issue allows a Stringable object used as a mapping key to invoke its __toString() without SandboxExtension::ensureToStringAllowed(), enabling potential data exposure a...

9.1CVSS6.1AI score0.00238EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

5.3CVSS0.00302EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 5 days ago6 views

CVE-2026-10667 SMP use-after-free in Zephyr `CONFIG_USERSPACE` dynamic kernel-object tracking, reachable from unprivileged user threads

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS6.1AI score0.00103EPSS
Exploits1References2
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-10667 SMP use-after-free in Zephyr `CONFIG_USERSPACE` dynamic kernel-object tracking, reachable from unprivileged user threads

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS0.00103EPSS
Exploits1References2
OSV
OSV
added 5 days ago6 views

CVE-2026-10667 SMP use-after-free in Zephyr `CONFIG_USERSPACE` dynamic kernel-object tracking, reachable from unprivileged user threads

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS6.1AI score0.00103EPSS
Exploits1References5
Rows per page
Query Builder