21797 matches found

Positive Technologies
added 2026/05/21 12:0 a.m., 11 views

PT-2026-42692

Name of the Vulnerable Software and Affected Versions: Twig versions 3.15.0 through 3.x. Description: The obj.(expr) dynamic-attribute syntax allows the attribute to be an arbitrary expression. When the receiver is self or any {% import %} alias and the parenthesised expression is a string literal, the...

CVSS 8.7, AI score 5.4, EPSS 0.00056
Exploits 0, References 24
Positive Technologies
added 2026/05/21 12:0 a.m., 12 views

PT-2026-42391

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get sponsored meta AJAX action due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, AI score 5.8, EPSS 0.00219
Exploits 0, References 3
Tenable Nessus
added 2026/05/21 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Twig: Arbitrary PHP code execution via self. macro-reference compilation (CVE-2026-46640). Note that Nessus relies on the presence of the package as reported by th...

AI score 6.2, EPSS 0.00056
Exploits 0, References 2
OSV
added 2026/05/20 9:56 p.m., 11 views

MINI-M64J-R5CG-5CMQ

Bulletin has no description...

CVSS 2.8, AI score 5.7, EPSS 0.00153
Exploits 0
Vulnrichment
added 2026/05/20 9:36 p.m., 10 views

CVE-2026-40102 Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation, unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVSS 6.5, AI score 5.8, EPSS 0.00295
Exploits 1, References 2
RedHat Linux
added 2026/05/20 8:47 p.m., 9 views

Apache Neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API

A flaw was found in Apache Neethi. When an application explicitly calls the PolicyReference API to retrieve a policy from a remote Uniform Resource Identifier (URI), Apache Neethi does not impose restrictions on the URI. This allows a remote attacker to cause the application to make outbound reques...

CVSS 7.2, AI score 5.9, EPSS 0.00497
Exploits 0, References 5
OSV
added 2026/05/20 6:2 p.m., 7 views

CGA-4FQ8-F39F-CVRP

Bulletin has no description...

CVSS 8.8, AI score 5.7, EPSS 0.0021
Exploits 1
OSV
added 2026/05/20 4:11 p.m., 4 views

MINI-G964-89MF-QR75

Bulletin has no description...

CVSS 5.4, AI score 5.7, EPSS 0.00297
Exploits 0
OSV
added 2026/05/20 4:11 p.m., 7 views

MINI-3C9F-6QFC-RV55

Bulletin has no description...

CVSS 9.6, AI score 5.7, EPSS 0.00365
Exploits 0
OSV
added 2026/05/20 3:59 p.m., 6 views

MINI-CJMW-7M27-R4HM

Bulletin has no description...

CVSS 5.4, AI score 5.7, EPSS 0.00297
Exploits 0
OSV
added 2026/05/20 3:56 p.m., 4 views

MINI-FF5F-X2FR-4VXM

Bulletin has no description...

CVSS 5.4, AI score 5.7, EPSS 0.00138
Exploits 1
OSV
added 2026/05/20 3:56 p.m., 5 views

MINI-X239-2FFX-M95M

Bulletin has no description...

CVSS 5.4, AI score 5.7, EPSS 0.00138
Exploits 1
Github Security Blog
added 2026/05/20 3:46 p.m., 9 views

phpMyFAQ: IDOR Account Takeover

Summary: An Insecure Direct Object Reference (IDOR) vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts (userId=1), without authorization verification. An attacker with a low-privilege admin account can...

CVSS 8.8, AI score 5.8, EPSS 0.00303
Exploits 0, References 2, Affected Software 2
OSV
added 2026/05/20 3:46 p.m., 6 views

GHSA-XVP4-PHQJ-CJR3 phpMyFAQ: IDOR Account Takeover

Summary: An Insecure Direct Object Reference (IDOR) vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts (userId=1), without authorization verification. An attacker with a low-privilege admin account can...

CVSS 8.8, AI score 5.8, EPSS 0.00303
Exploits 0, References 2
Circl
added 2026/05/20 2:30 p.m., 7 views

CVE-2026-22554

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 14:30:05+00:00 | seen | https://infosec.place/objects/052b99be-ded8-4ed2-89eb-9aad7bf23954 |
| 2026-05-20 15:43:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcanqmdzj2o |
| 2026-05-20 20:00:53+00:00 | seen | ... |

CVSS 7.8, AI score 5.8, EPSS 0.002
Exploits 0, References 3
Circl
added 2026/05/20 12:43 p.m., 6 views

CVE-2026-22314

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 12:43:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbwm7vwyn2o... |

CVSS 9, AI score 5.8, EPSS 0.00387
Exploits 0, References 1
RedHat Linux
added 2026/05/20 12:22 p.m., 18 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 security and extras update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of...

CVSS 9.1, AI score 6.9, EPSS 0.00522
Exploits 3, References 4
RedHat Linux
added 2026/05/20 11:23 a.m., 22 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.12 Security Update

New Red Hat build of Keycloak 26.4.12 packages are available from the Customer Portal. Red Hat build of Keycloak 26.4.12 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...

CVSS 8.1, AI score 5.8, EPSS 0.00727
Exploits 0, References 1
OSV
added 2026/05/20 10:9 a.m., 9 views

RHSA-2026:19069 Red Hat Security Advisory: openssh security update

Bulletin has no description...

CVSS 7.5, AI score 5.9, EPSS 0.00289
Exploits 0, References 26
Snyk
added 2026/05/20 9:41 a.m., 6 views

Arbitrary Code Injection

Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.(expr) dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...

CVSS 9.8, AI score 6.1, EPSS 0.00056
Exploits 0, References 2