Improper Validation of Specified Index, Position, or Offset in Input

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in the SandboxNodeVisitor that allows toString policy bypass via Traversable in join/replace filte...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated twigarraysome, twigarrayevery, and twigcheckarrowinsandbox helper functions. An attacker can bypass the sandbox callback...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via dynamic mapping key handling in ArrayExpression. An attacker can bypass the sandbox toString restrictions by using a stringable object as a...

Linux Distros Unpatched Vulnerability : CVE-2026-46633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46633 Note that Nessus relies on the presence of the package as reported by the vendo...

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.expr dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via object-destructuring assignment handling in ObjectDestructuringSetBinary::compile. An attacker can bypass Twig sandbox property and method...

Cross-site Scripting (XSS)

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spaceless filter registered with issafe = 'html'. An attacker can execute arbitrary HTML or JavaScript by supplying crafted markup to...

phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTERSANITIZESPECIALCHARS which HTML-encodes input, then immediately call htmlentitydecode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...

CVE-2026-40878

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

CVE-2026-40878 mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

Kimai leaks API Token Hash via Invoice Twig Template

Summary The Twig sandbox used for invoice templates blocks certain sensitive User methods password, TOTP secret, etc. via a blocklist in StrictPolicy::checkMethodAllowed. However, getApiToken and getPlainApiToken are not on the blocklist. An admin who creates an invoice template can embed calls t...

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

CVE-2026-4257

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

CVE-2026-4257

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

WordPress plugin Contact Form by Supsystic 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the renderString function. An attacker can execute arbitrary PHP code by injecting malicious Twig template code when authenticated with access to the Craft control...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...

CVE-2026-28697

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution RCE by injecting a Server-Side Template Injection SSTI payload into Twig template fields e.g., Email Templates. By calling the craft.app.fs.write...