composer
composer
- CVE-2026-48507 - Snipe-IT bulk user lockout privilege escalation
- CVE-2026-54329 - Snipe-IT cross-tenant accessory injection
- CVE-2026-48062 - CodeIgniter4 ext_in upload validation bypass
- CVE-2026-49741 - TYPO3 form framework privilege escalation and SQL injection
- CVE-2026-45034 - PHPSpreadsheet PHAR wrapper patch bypass
- CVE-2026-45063 - Symfony X509Authenticator DN identity spoofing
- CVE-2026-46636 - Twig cached template sandbox-state bypass
- CVE-2026-47742 - Shopper product Livewire authorization bypass
- CVE-2026-47745 - Shopper payment, currency, and carrier authorization bypass
- CVE-2026-24425 - Twig SourcePolicyInterface callback bypass
- CVE-2026-41236 - Froxlor SSH key symlink root access
- CVE-2026-46640 - Twig macro-reference compilation RCE
- CVE-2026-47732 - Twig toString sandbox bypass
- CVE-2026-47743 - Shopper admin Livewire integrity and disclosure flaws
- CVE-2026-47744 - Shopper team RBAC privilege escalation
- CVE-2026-47759 - TinyMCE data-mce attribute XSS
- CVE-2026-47760 - TinyMCE nested SVG sanitizer XSS
- CVE-2026-47761 - TinyMCE media data-mce-object XSS
- CVE-2026-47762 - TinyMCE mce:protected comment XSS
- GHSA-54pg-9963-v8vg - Intercom client package compromise
- CVE-2026-41247 - elFinder ImageMagick bg command injection