
59 matches found

Snyk
added 2026/05/09 12:40 a.m. | 3 views

Prototype Pollution

Overview: velocityjs is a Velocity Template Language (VTL) for JavaScript. Affected versions of this package are vulnerable to Prototype Pollution through the processing of set directives in templates. An attacker can modify the global object prototype by supplying specially crafted template content,...

CVSS 9.8 | AI score 6.4 | EPSS 0.00102
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/07 12:0 a.m. | 1 view

PT-2026-30910

Name of the Vulnerable Software and Affected Versions: Addressable versions 2.3.0 through 2.8.9. Description: Addressable, an alternative URI implementation for Ruby, contains a flaw in its URI template implementation. Templates utilizing the '*' explode modifier with any expansion operator e.g., foo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 5

Packet Storm News
added 2026/03/05 12:0 a.m. | 0 views

Nuclei 3.7.1

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

AI score 5.9
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2018-11220

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.0566
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-5024

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.03111
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-3273

Malicious code in bioql PyPI...

CVSS 2.2 | AI score 6.3 | EPSS 0.00072
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-29045

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00115
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-0128

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00296
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2735

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 9.1 | EPSS 0.00144
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6700

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.09505
Exploits: 0 | References: 22

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-3201

Malicious code in bioql PyPI...

CVSS 2.2 | AI score 6.3 | EPSS 0.00135
Exploits: 0 | References: 6

Debian
added 2025/05/29 7:16 a.m. | 5 views

[SECURITY] [DLA 4186-1] php-twig security update

Debian LTS Advisory DLA-4186-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : php-twig Version : 2.14.3-1+deb11u4 CVE ID : CVE-2024-51754 Twig is a template language for PHP. In a sandbox, an attacker can call...

CVSS 2.2 | AI score 5.7 | EPSS 0.00135
Exploits: 0

RedhatCVE
added 2025/05/23 8:4 a.m. | 4 views

CVE-2024-51754

Twig is a template language for PHP. In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...

CVSS 2.2 | AI score 6.7 | EPSS 0.00135
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:24 a.m. | 3 views

CVE-2024-51755

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

CVSS 2.2 | AI score 6.8 | EPSS 0.00072
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:12 p.m. | 2 views

CVE-2020-12736

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...

CVSS 7.2 | AI score 7.6 | EPSS 0.03111
Exploits: 0

Tenable Nessus
added 2025/03/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-51755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They...

CVSS 2.2 | AI score 5.5 | EPSS 0.00072
Exploits: 0 | References: 3

NVD
added 2025/01/29 4:15 p.m. | 14 views

CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

CVSS 4.3 | EPSS 0.00296
Exploits: 0 | References: 2

CVE
added 2025/01/29 3:22 p.m. | 207 views

CVE-2025-24374

Twig is a PHP template engine. The vulnerability CVE-2025-24374 concerns missing output escaping for the left side of the null coalescing operator (??). The issue is fixed in Twig 3.19.0. Severity in CVSSv3.1 is MEDIUM (4.3), but the document notes no exploitation details. Connected sources (NVD/...

CVSS 4.3 | AI score 4.6 | EPSS 0.00296
Exploits: 0 | References: 2

Debian CVE
added 2025/01/29 3:22 p.m. | 9 views

CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

CVSS 4.3 | AI score 5.3 | EPSS 0.00296
Exploits: 0

Vulnrichment
added 2025/01/29 3:22 p.m. | 8 views

CVE-2025-24374 Twig fixes a security issue where escaping was missing when using null coalesce operator (??)

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

CVSS 4.3 | AI score 4.5 | EPSS 0.00296
Exploits: 0 | References: 2