Lucene search
+L

633 matches found

redhatcve
redhatcve
added 2 days ago4 views

CVE-2026-48805

A flaw was found in Twig, a template language for PHP. Deprecated internal wrappers in the src/Resources/core.php file do not correctly forward the sandbox state. This allows legacy function calls, such as twigarraysome, to bypass security restrictions imposed by the sandbox. An attacker could...

9.1CVSS6AI score0.00276EPSS
Exploits0References2
cvelist
cvelist
added 3 days ago38 views

CVE-2026-48805 Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...

5.3CVSS0.00276EPSS
Exploits0References3
cve
cve
added 3 days ago31 views

CVE-2026-48805

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...

9.1CVSS6.1AI score0.00276EPSS
Exploits0References3Affected Software1
euvd
euvd
added 3 days ago5 views

EUVD-2026-43571

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References3
nvd
nvd
added 4 days ago6 views

CVE-2026-62193

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS0.00184EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago34 views

CVE-2026-62193 OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS0.00184EPSS
Exploits0References2
cve
cve
added 4 days ago9 views

CVE-2026-62193

OpenClaw is affected: versions 2026.6.5 to before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist ...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/30 6:41 p.m.4 views

GHSA-P42Q-9PRX-Q5WQ Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow to take a boolean $isSandboxed instead of an Environment, and added the same $isSandboxed argument to CoreExtension::arraySome and CoreExtension::arrayEvery. Compiled templates were updated to pass t...

5.3CVSS5.8AI score0.00276EPSS
Exploits0References5
github
github
added 2026/06/30 6:41 p.m.8 views

Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow to take a boolean $isSandboxed instead of an Environment, and added the same $isSandboxed argument to CoreExtension::arraySome and CoreExtension::arrayEvery. Compiled templates were updated to pass t...

9.1CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
nessus
nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats...

5.5CVSS6AI score0.0009EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/29 11:19 a.m.9 views

CVE-2026-53323

A flaw was found in the Linux kernel's Distributed Switch Architecture DSA subsystem. Redundant locking operations within the DSA conduit ethtool wrappers can lead to a deadlock. A local attacker can exploit this by using the ethtool -i command, causing the system to become unresponsive and...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/29 8:44 a.m.8 views

CVE-2026-57434

A flaw was found in Nokogiri, an open source XML and HTML library for the Ruby programming language. A remote attacker could exploit this vulnerability by calling specific methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This could lead to a NUL...

7.5CVSS5.8AI score0.00357EPSS
Exploits0References4
susecve
susecve
added 2026/06/28 1:8 a.m.7 views

SUSE CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References3
nvd
nvd
added 2026/06/26 8:17 p.m.6 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS0.0009EPSS
Exploits0References3
osv
osv
added 2026/06/26 8:17 p.m.4 views

DEBIAN-CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.7AI score0.0009EPSS
Exploits0References1
osv
osv
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.7AI score0.0009EPSS
Exploits0References6
debiancve
debiancve
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.7AI score0.0009EPSS
Exploits0
euvd
euvd
added 2026/06/26 7:41 p.m.11 views

EUVD-2026-39858

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/26 7:41 p.m.3 views

CVE-2026-53323 net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References6
Rows per page
Query Builder