Lucene search
+L

5 matches found

nvd
nvd
added 2 days ago5 views

CVE-2026-46640

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.8CVSS0.00335EPSS
Exploits0References3
cve
cve
added 2 days ago41 views

CVE-2026-46640

CVE-2026-46640 — Twig (PHP template engine) : The issue affects Twig 3.15.0 through 3.26.0 where _self.() and import-alias dynamic attribute syntax can concatenate attacker-controlled strings into a MacroReferenceExpression name, bypassing identifier validation and causing raw PHP to be emitted a...

8.8CVSS6.1AI score0.00335EPSS
Exploits0References3Affected Software1
prion
prion
added 2023/03/13 5:15 p.m.17 views

Buffer overflow

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...

4CVSS6.5AI score0.00654EPSS
Exploits2References1Affected Software1
friendsofphp
friendsofphp
added 2022/09/28 10:36 a.m.32 views

Possibility to load a template outside a configured directory when using the filesystem loader

More info at https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader...

7.5CVSS7.2AI score0.01557EPSS
Exploits0Affected Software1
cnvd
cnvd
added 2019/04/28 12:0 a.m.6 views

Sierra Wireless AirLink ES450 Information Disclosure Vulnerability (CNVD-2019-13397)

The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. An information disclosure vulnerability exists in the ACEManager templateload.cgi function in the Sierra Wireless AirLink ES450 using firmware version 4.9.3. The vulnerability stems from an error in...

6.5CVSS6.2AI score0.04132EPSS
Exploits3References1
Rows per page
Query Builder