Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/27 5:41 p.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated twigarraysome, twigarrayevery, and twigcheckarrowinsandbox helper functions. An attacker can bypass the sandbox callback...

4.2CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:43 a.m.6 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

9.1CVSS5.7AI score0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

8.7CVSS5.9AI score0.00179EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.8 views

Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

More info at https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php...

5.8AI score
Exploits0Affected Software1
Rows per page
Query Builder