Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting unsanitized...
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
BoxLite: Permission Bypass Allows Modification of Read-Only Files
@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
containerd user ID handling bypass allows runAsNonRoot evasion
js-libp2p: Memory DoS via subscription flood of unique topics
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
SQLAdmin: Authorization Bypass on `ajax_lookup`
Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Twig: Sandbox property and method bypass via object-destructuring assignment
Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Twig: PHP code injection via `{% use %}` template name
twig/intl-extra: Unbounded formatter memoisation keyed on template-controlled arguments
Twig: The `spaceless` filter implicitly marks its output as safe
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashboard/system/update/update.php never calls $this->token->validate('do_update...