13 matches found
EUVD-2024-3201
Malicious code in bioql PyPI...
EUVD-2024-3273
Malicious code in bioql PyPI...
EUVD-2022-6700
Malicious code in bioql PyPI...
EUVD-2025-0128
Malicious code in bioql PyPI...
CVE-2024-51754
Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. This issue has been patched in...
Linux Distros Unpatched Vulnerability : CVE-2024-51755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They...
CVE-2025-24374
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...
CVE-2025-24374
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...
CVE-2025-24374
Twig is a PHP template engine. The vulnerability CVE-2025-24374 concerns missing output escaping for the left side of the null coalescing operator (??). The issue is fixed in Twig 3.19.0. Severity in CVSSv3.1 is MEDIUM (4.3), but the document notes no exploitation details. Connected sources (NVD/...
UBUNTU-CVE-2024-51755
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...
CVE-2022-39261 Twig may load a template outside a configured directory when using the filesystem loader
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...
DEBIAN-CVE-2022-23614
Twig is an open source template language for PHP. When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of...
CVE-2022-23614 Code injection in Twig
Twig is an open source template language for PHP. When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of...