Lucene search
K

1297 matches found

NVD
NVD
added yesterday7 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday27 views

CVE-2026-48807

CVE-2026-48807 - Twig sandbox bypass via Traversable in join/replace and in/not in operators Affected: Twig template engine for PHP (prior to 3.27.0). Issue: The sandboxed __toString() checks fail to fully cover Traversable values passed to join and replace filters or operands evaluated by in/not...

7.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday28 views

CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago20 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
CVE
CVE
added 2026/07/08 3:23 p.m.11 views

CVE-2026-59874

node-tar is a Node.js tar archive library. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to loop on the same header and make no progress; this is fixed in version 7.5.18. Upgrade to 7.5.18 to remediate. Th...

8.7CVSS5.9AI score0.00358EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/08 3:23 p.m.2 views

CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS6.9AI score0.00358EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:20 p.m.7 views

CVE-2026-50283

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/01 6:16 p.m.11 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:7 p.m.16 views

CVE-2026-57722

The CVE-2026-57722 entry concerns the WordPress plugin Enable Media Replace (versions up to and including 4.2.1). The vulnerability is described as a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected component: the Enable Media Repla...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 5:7 p.m.37 views

CVE-2026-57722 WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:7 p.m.7 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:7 p.m.8 views

EUVD-2026-41096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 5:6 p.m.6 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions = 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54889

Name of the Vulnerable Software and Affected Versions ShortPixel Enable Media Replace versions prior to 4.2.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting XSS issue. Stored XSS occurs when an application receives data from a user a...

5.9CVSS5.7AI score0.00148EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escap...

8.2CVSS6.1AI score0.00322EPSS
Exploits1References4
OSV
OSV
added 2026/06/30 6:43 p.m.8 views

GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/30 6:43 p.m.9 views

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

7.1CVSS5.8AI score
Exploits0References5Affected Software1
Rows per page
Query Builder