
13 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-3201

Malicious code in bioql PyPI...

CVSS 2.2 | AI score 6.3 | EPSS 0.0044
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-3273

Malicious code in bioql PyPI...

CVSS 2.2 | AI score 6.3 | EPSS 0.00414
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-6700

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01488
Exploits: 0 | References: 22

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-0128

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00282
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 8:4 a.m. | 6 views

CVE-2024-51754

Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). This issue has been patched in...

CVSS 2.2 | AI score 6.7 | EPSS 0.0044
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/06 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-51755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They...

CVSS 2.2 | AI score 5.5 | EPSS 0.00414
Exploits: 0 | References: 3

NVD
added 2025/01/29 4:15 p.m. | 26 views

CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

CVSS 4.3 | EPSS 0.00282
Exploits: 0 | References: 2

Debian CVE
added 2025/01/29 3:22 p.m. | 10 views

CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

CVSS 4.3 | AI score 5.3 | EPSS 0.00282
Exploits: 0

CVE
added 2025/01/29 3:22 p.m. | 222 views

CVE-2025-24374

Twig is a PHP template engine. The vulnerability CVE-2025-24374 concerns missing output escaping for the left side of the null coalescing operator (??). The issue is fixed in Twig 3.19.0. Severity in CVSSv3.1 is MEDIUM (4.3), but the document notes no exploitation details. Connected sources (NVD/...

CVSS 4.3 | AI score 4.6 | EPSS 0.00282
Exploits: 0 | References: 2

OSV
added 2024/11/06 8:15 p.m. | 3 views

UBUNTU-CVE-2024-51755

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

CVSS 2.2 | AI score 5.8 | EPSS 0.00414
Exploits: 0 | References: 4

Vulnrichment
added 2022/09/28 12:0 a.m. | 7 views

CVE-2022-39261 Twig may load a template outside a configured directory when using the filesystem loader

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...

CVSS 7.5 | AI score 7.5 | EPSS 0.01488
Exploits: 0 | References: 11

OSV
added 2022/02/04 11:15 p.m. | 4 views

DEBIAN-CVE-2022-23614

Twig is an open source template language for PHP. When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of...

CVSS 9.8 | AI score 8.7 | EPSS 0.08209
Exploits: 3 | References: 1

Vulnrichment
added 2022/02/04 10:25 p.m. | 6 views

CVE-2022-23614 Code injection in Twig

Twig is an open source template language for PHP. When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of...

CVSS 8.8 | AI score 9.8 | EPSS 0.08209
Exploits: 3 | References: 8