5 matches found
CVE-2026-46637
Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...
CVE-2026-46634 Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...
PT-2026-44982
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description A heap-buffer-overflow write can be triggered in the client when connecting to a malicious RDP server that sends crafted RDPGFX PDUs Protocol Data Units. The issue occurs in the gdi CacheToSurface...
PT-2026-5316
Name of the Vulnerable Software and Affected Versions Kata Containers versions prior to 3.26.0 Description Kata Containers is an open source project implementing lightweight Virtual Machines VMs functioning like containers. In versions prior to 3.26.0, a malformed or layerless container image can...
WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin CSV to html versions = 3.26...