Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-47732 | Twig Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points | |
| CVE-2026-48806 | Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys | |
| CVE-2026-48805 | Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php` | |
| CVE-2026-48808 | Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterfa | |
| CVE-2026-48807 | Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filte | |
| CVE-2026-49981 | Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes betwee | |
| CVE-2026-46635 | Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects) | |
| CVE-2026-46638 | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete f | |
| CVE-2026-46628 | Twig: The `spaceless` filter implicitly marks its output as safe | |
| CVE-2026-46640 | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation | |
| CVE-2026-46637 | Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']` | |
| CVE-2026-46639 | Twig: Sandbox property and method bypass via object-destructuring assignment | |
| CVE-2026-46627 | Twig: Sandbox resource exhaustion via unbounded `for` / `range()` | |
| CVE-2026-46634 | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized templ | |
| CVE-2026-46633 | Twig: PHP code injection via `{% use %}` template name | |
| CVE-2026-46629 | Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled argu |
No comments yet