Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-48807 — Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filt…

Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not …

twig | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.1 HIGH
CVE-2026-48806 — Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke __toString() on a Stringable object used …

twig | Remote | Injection
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-48805 — Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and …

twig | Remote | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.2 MEDIUM
CVE-2026-48357 — CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust sys…

| Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.2 MEDIUM
CVE-2026-48354 — CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the…

| Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
5.5 MEDIUM
CVE-2026-48353 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files…

| Path Traversal
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.5 HIGH
CVE-2026-48352 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the appl…

Remote | Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.5 HIGH
CVE-2026-48351 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the appl…

Remote | Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48337 — Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction …

| Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48336 — Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction …

| Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.8 HIGH
CVE-2026-48335 — Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction …

| Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.3 CRITICAL
CVE-2026-48334 — Illustrator | Improper Input Validation (CWE-20)

Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…

Remote | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.8 MEDIUM
CVE-2026-48312 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security meas…

| Authorization
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.2 MEDIUM
CVE-2026-48302 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the appl…

| Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.2 MEDIUM
CVE-2026-48298 — CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to c…

| Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.2 MEDIUM
CVE-2026-48296 — CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to c…

| Denial of Service
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.5 HIGH
CVE-2026-48295 — CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to…

Remote | Authentication
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
8.2 HIGH
CVE-2026-48290 — CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)

CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit t…

| Server-Side Request Forgery
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.4 HIGH
CVE-2026-48287 — CAI Content Credentials | Untrusted Search Path (CWE-426)

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond th…

| Path Traversal
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
8.6 HIGH
CVE-2026-48275 — Illustrator | Untrusted Search Path (CWE-426)

Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…

| Misconfiguration
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
Showing 20 of 8375 Results