Lucene search
K

4826 matches found

NVD
NVD
added yesterday6 views

CVE-2026-46628

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.1CVSS0.00056EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday23 views

CVE-2026-46628 Twig: The `spaceless` filter implicitly marks its output as safe

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.1CVSS0.00056EPSS
Exploits0References3
CVE
CVE
added yesterday16 views

CVE-2026-46628

CVE-2026-46628 affects Twig (PHP template engine). Before 3.26.0, the deprecated spaceless filter was registered as safe for HTML, causing Twig autoescaping to emit attacker‑controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0. Affected: ...

5.1CVSS6.1AI score0.00056EPSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday25 views

CVE-2026-15778

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-15778

CVE-2026-15778 affects Google Chrome navigation logic prior to version 150.0.7871.125, due to insufficient validation of untrusted input in Navigation. An attacker who compromises the renderer could bypass navigation restrictions via a crafted HTML page. The issue is addressed in Chrome 150.0.787...

6.5CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-15771

CVE-2026-15771 affects Google Chrome on Windows prior to 150.0.7871.125. The vulnerability arises from insufficient validation of untrusted input in the Media component, allowing a remote attacker who has compromised the renderer process to potentially read sensitive information from process memo...

5.3CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday21 views

CVE-2026-45133

CVE-2026-45133 affects Symfony YAML parsing: when fed attacker-controlled input, deeply nested mappings/sequences can cause unbounded recursion in both Parser::parseBlock() and Inline::parseSequence()/Inline::parseMapping(), exhausting PHP stack and crashing workers. Affected versions include Sym...

8.2CVSS6.1AI score0.00089EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-45133 Symfony: [Yaml] Harden the parser when handling untrusted input

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline...

8.2CVSS0.00089EPSS
Exploits0References5
CVE
CVE
added yesterday39 views

CVE-2026-45070

This CVE concerns Symfony's Mime ParameterizedHeader: parameter names are emitted verbatim in serialized headers, allowing CRLF or non-token bytes to be injected via untrusted input. Affected component: Symfony\Component\Mime\Header\ParameterizedHeader (and related Headers). Root cause: names are...

6.5CVSS6.1AI score0.00056EPSS
Exploits0References6Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-59884

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...

7.5CVSS
Exploits0References3
AlpineLinux
AlpineLinux
added yesterday5 views

CVE-2026-59884

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...

7.5CVSS6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added yesterday7 views

ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1CVSS6.9AI score0.00471EPSS
Exploits1References5
NVD
NVD
added yesterday5 views

CVE-2026-12583

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS0.00174EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43627

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS6.4AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2 days ago3 views

CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

8.4CVSS6.2AI score0.00207EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS0.00163EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-54002

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS0.00409EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-54002

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS5.5AI score0.00409EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder