Lucene search
+L
UbuntucveRecent

71772 matches found

ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-48806

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

6CVSS6.1AI score0.0026EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00144EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00523EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-48805

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...

5.3CVSS6.1AI score0.00276EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS6.1AI score0.00235EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00414EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•9 views

CVE-2026-46640

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.8CVSS6.1AI score0.00335EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•11 views

CVE-2026-46627

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS6.1AI score0.00331EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•10 views

CVE-2026-47730

Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName into HTML output without escaping, allowing attacker-controlled template or profile names to inject arbitrary HTML when a browser renders the profiler dum...

5.4CVSS6.2AI score0.00269EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•13 views

CVE-2026-46633

Twig is a template language for PHP. Prior to 3.26.0, Compiler::string does not escape single quotes when a template name from a % use % tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the...

9.8CVSS6.2AI score0.0052EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•15 views

CVE-2026-46638

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

8.1CVSS6.1AI score0.0026EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•11 views

CVE-2026-46634

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

9.8CVSS6.1AI score0.00331EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•15 views

CVE-2026-47732

Twig is a template language for PHP. Prior to 3.26.0, several Twig language constructs trigger PHP string coercion on a Stringable operand without consulting SecurityPolicy::checkMethodAllowed, allowing a sandboxed template author to invoke toString on objects reachable in the render context...

7.1CVSS6.1AI score0.00371EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•8 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•8 views

CVE-2026-46635

Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP arraycolumn, which reads public and magic properties without reaching CoreExtension::getAttribute or SandboxExtension::checkPropertyAllowed, allowing an untrusted template author with column in...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•9 views

CVE-2026-46628

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.4CVSS6.1AI score0.0026EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•10 views

CVE-2026-46639

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to...

7.1CVSS6.1AI score0.00354EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•7 views

CVE-2026-46637

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...

5.4CVSS6.1AI score0.00268EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-45363

ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token because OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key and no empty-key...

9.1CVSS6.9AI score0.00242EPSS
Exploits0References6
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49476

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49978

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify INPLACE sanitization could skip shadow contents attached to an element inside .content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive an...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-59889

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and calls...

6.5CVSS6.1AI score0.00416EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49459

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizeroot, INPLACE: true could preserve event-handler attributes on an attacker-controlled root when a descendant name clobbered properties checked by isClobbered, because forceRemove...

6.1CVSS6.1AI score0.00254EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49477

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking when processing an attribute selector with an unterminated quoted value in...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49853

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, authusername, authpassword, and authmode in place when a redirect changed scheme, host, or port...

7.7CVSS6.1AI score0.00486EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49855

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...

7.5CVSS6.1AI score0.00691EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-48801

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has ON² algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49458

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizenode, INPLACE: true accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm constructors, causing instanceof checks for forms, named node maps, documen...

6.1CVSS6AI score0.00288EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-49854

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS6.1AI score0.0045EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-48125

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2 days ago•11 views

CVE-2026-46644

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS6.1AI score0.00394EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15765

Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6.2AI score0.00297EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15768

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00256EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15770

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.0033EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6.1AI score0.00244EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15774

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6.1AI score0.00244EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15776

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.00344EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15778

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.1AI score0.00256EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15764

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6.2AI score0.00297EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15766

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00331EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15767

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

8.8CVSS6.5AI score0.00326EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6.2AI score0.0026EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS6.1AI score0.00303EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15775

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00256EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS6.2AI score0.00264EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•2 views

CVE-2026-15777

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.1AI score0.00287EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2 days ago•6 views

CVE-2026-47212

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse received the configured webhook secret but ignored the X-Twilio-Signature HMAC header, allowing unauthenticated POST requests to inje...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2 days ago•11 views

CVE-2026-45068

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS6.1AI score0.00461EPSS
Exploits0References2
Total number of security vulnerabilities71772