Lucene search
+L

248 matches found

UbuntuCve
UbuntuCve
added 3 days ago10 views

CVE-2026-46628

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.4CVSS6.1AI score0.00169EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago11 views

CVE-2026-46627

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS6.1AI score0.00385EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago15 views

CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

8.1CVSS6.1AI score0.00265EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago13 views

CVE-2026-46633

Twig is a template language for PHP. Prior to 3.26.0, Compiler::string does not escape single quotes when a template name from a % use % tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the...

9.8CVSS6.2AI score0.00642EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago16 views

CVE-2026-47732

Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed, allowing a sandboxed template author to invoke toString on objects reachable in the render context...

7.1CVSS6.1AI score0.0036EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago8 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS6.1AI score0.00302EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago11 views

CVE-2026-45305

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...

8.7CVSS6.1AI score0.0075EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago7 views

CVE-2026-45063

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00323EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago16 views

CVE-2026-45069

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

9.1CVSS6.1AI score0.00232EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago7 views

CVE-2026-45754

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...

6.9CVSS6.1AI score0.00348EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago8 views

CVE-2026-45755

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00238EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago12 views

CVE-2026-45133

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline...

8.2CVSS6.1AI score0.00691EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago8 views

CVE-2026-45075

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...

8.3CVSS6.2AI score0.00382EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago7 views

CVE-2026-45070

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter values but emits parameter names verbatim, allowing a caller that derive...

6.5CVSS6.1AI score0.00292EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago15 views

CVE-2026-45753

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...

6.1CVSS6.1AI score0.00297EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago8 views

CVE-2026-45304

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS6.1AI score0.00804EPSS
Exploits0References2
OSV
OSV
added 3 days ago5 views

UBUNTU-CVE-2026-45073

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

7.3CVSS6.1AI score0.0041EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 3 days ago6 views

CVE-2026-45067

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00619EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago12 views

CVE-2026-45065

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives mat...

6.1CVSS6.1AI score0.00261EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 3 days ago8 views

CVE-2026-45074

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...

8.1CVSS6.1AI score0.00402EPSS
Exploits0References2
Rows per page
Query Builder