Lucene search
+L

4 matches found

osv
osv
added 2026/05/20 2:16 p.m.6 views

DEBIAN-CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS6.2AI score0.00738EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/20 1:45 p.m.54 views

CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

8.8CVSS0.00738EPSS
Exploits0References3
debiancve
debiancve
added 2026/05/20 1:45 p.m.12 views

CVE-2026-24425

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...

9.9CVSS6.2AI score0.00738EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.12 views

PT-2026-42168

Name of the Vulnerable Software and Affected Versions Twig versions 2.16.x Twig versions 3.9.0 through 3.25.x Description A sandbox bypass exists when using a SourcePolicyInterface. This occurs because a runtime check fails to use the current template source, allowing attackers with template...

9.9CVSS6.3AI score0.00738EPSS
Exploits0References19
Rows per page
Query Builder