Lucene search
+L

25948 matches found

Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-46638 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

6CVSS0.00265EPSS
Exploits0References3
CVE
CVE
added 5 days ago36 views

CVE-2026-46638

Twig pre-3.26.0 allowed a cached template to bypass SecurityPolicy::checkSecurity() via {% sandbox %}{% include %} without re-checking; the issue is fixed in 3.26.0. Debian advisories extend the fix to 3.27.0 for the stable release. Affected software: Twig PHP template engine; vulnerability invol...

8.1CVSS6.1AI score0.00265EPSS
Exploits0References3Affected Software1
OSV
OSV
added 5 days ago3 views

CVE-2026-46638 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

6CVSS6.1AI score0.00265EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-46634 Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

7.7CVSS0.00419EPSS
Exploits0References3
CVE
CVE
added 5 days ago46 views

CVE-2026-46634

CVE-2026-46634 affects Twig for PHP, where versions 3.9.0–3.26.0 allow template_from_string() to synthesize a name (string_template ) that can bypass a SourcePolicyInterface sandbox, enabling a sandboxed template to call template_from_string and include an inner template without security policy e...

9.8CVSS6.1AI score0.00419EPSS
Exploits0References3Affected Software1
OSV
OSV
added 5 days ago3 views

CVE-2026-46634 Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

7.7CVSS6.1AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 5 days ago4 views

DEBIAN-CVE-2026-15774

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6.1AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 5 days ago5 views

DEBIAN-CVE-2026-15776

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 5 days ago6 views

DEBIAN-CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS6.2AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-15776

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00328EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-15774

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00221EPSS
Exploits0References2
OSV
OSV
added 5 days ago9 views

DEBIAN-CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6.2AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 5 days ago5 views

DEBIAN-CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6.2AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-15767

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

8.8CVSS0.00311EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00221EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-46627 Twig: Sandbox resource exhaustion via unbounded `for` / `range()`

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS0.00385EPSS
Exploits0References3
CVE
CVE
added 5 days ago18 views

CVE-2026-46627

CVE-2026-46627 concerns Twig, a PHP template engine. Before 3.26.0, Twig’s sandbox does not prevent a template from consuming CPU, memory, or wall-clock time even with an allow-list, allowing resource exhaustion via unbounded for/range usage. The issue is mitigated in version 3.26.0, which docume...

7.1CVSS6.1AI score0.00385EPSS
Exploits0References3Affected Software1
OSV
OSV
added 5 days ago6 views

CVE-2026-46627 Twig: Sandbox resource exhaustion via unbounded `for` / `range()`

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS6.1AI score0.00385EPSS
Exploits0References5
Rows per page
Query Builder