633 matches found
CVE-2026-48805
A flaw was found in Twig, a template language for PHP. Deprecated internal wrappers in the src/Resources/core.php file do not correctly forward the sandbox state. This allows legacy function calls, such as twigarraysome, to bypass security restrictions imposed by the sandbox. An attacker could...
CVE-2026-48805 Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...
CVE-2026-48805
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...
EUVD-2026-43571
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...
CVE-2026-62193
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...
CVE-2026-62193 OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...
CVE-2026-62193
OpenClaw is affected: versions 2026.6.5 to before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist ...
GHSA-P42Q-9PRX-Q5WQ Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow to take a boolean $isSandboxed instead of an Environment, and added the same $isSandboxed argument to CoreExtension::arraySome and CoreExtension::arrayEvery. Compiled templates were updated to pass t...
Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow to take a boolean $isSandboxed instead of an Environment, and added the same $isSandboxed argument to CoreExtension::arraySome and CoreExtension::arrayEvery. Compiled templates were updated to pass t...
Linux Distros Unpatched Vulnerability : CVE-2026-53323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats...
CVE-2026-53323
A flaw was found in the Linux kernel's Distributed Switch Architecture DSA subsystem. Redundant locking operations within the DSA conduit ethtool wrappers can lead to a deadlock. A local attacker can exploit this by using the ethtool -i command, causing the system to become unresponsive and...
CVE-2026-57434
A flaw was found in Nokogiri, an open source XML and HTML library for the Ruby programming language. A remote attacker could exploit this vulnerability by calling specific methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This could lead to a NUL...
SUSE CVE-2026-53323
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
CVE-2026-53323
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
DEBIAN-CVE-2026-53323
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
UBUNTU-CVE-2026-53323
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
CVE-2026-53323
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
EUVD-2026-39858
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
CVE-2026-53323
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...
CVE-2026-53323 net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...