Lucene search
+L

52 matches found

RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-48808

A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...

7.5CVSS6AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS0.00362EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

7.5CVSS0.00239EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

9.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-46634

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

9.8CVSS0.00419EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago41 views

CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 4 days ago32 views

CVE-2026-48806

Twig (PHP) prior to 3.27.0 is vulnerable to a Sandbox __toString() policy bypass via dynamic mapping keys in ArrayExpression. The issue allows a Stringable object used as a mapping key to invoke its __toString() without SandboxExtension::ensureToStringAllowed(), enabling potential data exposure a...

9.1CVSS6.1AI score0.00234EPSS
Exploits0References3Affected Software1
CVE
CVE
added 4 days ago31 views

CVE-2026-48808

Twig’s CVE-2026-48808 describes a sandbox bypass in the Column filter: prior to 3.27.0, the active sandbox state was passed but the current Source was not forwarded to SandboxExtension::checkPropertyAllowed(), allowing access to properties not permitted by the sandbox policy. This affects Twig te...

7.5CVSS6.1AI score0.00239EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-49981 Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00362EPSS
Exploits0References5
CVE
CVE
added 4 days ago21 views

CVE-2026-49981

Twig is a template language for PHP. CVE-2026-49981 affects Twig up to version 3.26.x, where the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can be cached after sandbox state changes between renders. This can allow a later sand...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added last week4 views

Chromium: CVE-2026-14101 Insufficient policy enforcement in Sandbox

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS6.1AI score0.00243EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54376

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Sandbox allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a crafte...

9.8CVSS6AI score0.00413EPSS
Exploits0References446
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.15 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

7.1CVSS5.9AI score0.00226EPSS
Exploits1References23
Vulnrichment
Vulnrichment
added 2026/06/22 7:56 p.m.3 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.10 views

SUSE CVE-2026-11282

Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.5AI score0.00243EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.11 views

Chromium: CVE-2026-11282 Policy bypass in Sandbox

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.00243EPSS
Exploits0
OSV
OSV
added 2026/06/05 12:17 a.m.6 views

DEBIAN-CVE-2026-11282

Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.5AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:6 p.m.10 views

CVE-2026-11282

Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.5AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:6 p.m.37 views

CVE-2026-11282

CVE-2026-11282 affects Google Chrome on Linux. The issue is insufficient policy enforcement in the Sandbox, potentially allowing a sandbox escape via a crafted HTML page on versions prior to 149.0.7827.53. The reported impact is a high-risk security bypass leading to full exposure of the host, wi...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder