PT-2026-42635

Description The object-destructuring assignment syntax introduced in Twig 3.24.0 generates a call to CoreExtension::getAttribute with the $sandboxed argument hardcoded to false, regardless of whether a SandboxExtension is active. This permanently disables the sandbox's property and method policy...

PT-2026-42691

Name of the Vulnerable Software and Affected Versions Twig versions 3.24.0 through 3.24.x Description The object-destructuring assignment syntax generates a call to the getAttribute function within CoreExtension where the $sandboxed argument is hardcoded to false. This occurs regardless of whethe...

CVE-2026-32046 OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the...

Cross Site Scripting (XSS)

@excalidraw/excalidraw is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper sanitization against HTML injection in two vectors: rendering untrusted strings as iframe's srcdoc and attribute HTML injection in conjunction with allowing the allow-same-origin sandbox flag...

GHSA-M64Q-4JQH-F72F Stored Cross-site Scripting (XSS) in excalidraw's web embed component

Summary A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. Poc Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...

CVE-2024-32472

The CVE-2024-32472 entry details a stored XSS in Excalidraw’s web embeddable component. Two vectors exist: (1) untrusted content rendered as an iframe srcdoc without proper HTML sanitization, and (2) improper sanitization against attribute HTML injection, exacerbated by allow-same-origin in the s...