31 matches found
CVE-2026-26120
Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network...
CVE-2023-26120
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
CVE-2024-26120
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. Root cause: inadequate input handling allows attacker-supplied script to be stored and later executed in a victim’s browser when visiting the page. Impact: cross-site s...
Ubuntu 20.04 ESM : Smarty vulnerabilities (USN-5348-3)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-3 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...
Ubuntu 16.04 ESM : Smarty vulnerabilities (USN-5348-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-2 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...
CVE-2023-26120
creationtimestamp | type | source
---|---|---
2023-04-10 12:22:29+00:00 | seen | https://t.me/cibsecurity/61739...
CVE-2023-26120
CVE-2023-26120 affects com.xuxueli:xxl-job; multiple sources confirm an HTML payload can be executed via /xxl-job-admin/user/add and /xxl-job-admin/user/update, enabling cross-site scripting (XSS). Affected versions include 2.4.0 and earlier, with the issue originating from unsafe handling of HTM...
Ubuntu: Security Advisory (USN-5348-3)
The remote host is missing an update for the...
CVE-2022-26120
creationtimestamp | type | source
---|---|---
2022-07-18 22:39:59+00:00 | seen | https://t.me/cibsecurity/46497...
CVE-2022-26120
CVE-2022-26120 affects FortiADC management interface (versions 7.0.0–7.0.1 and 5.0.0–6.2.2). The root cause is improper neutralization of special elements in SQL commands (SQL Injection). Exploitation vector: authenticated attacker can craft HTTP requests to trigger unauthorized code or commands ...
USN-5348-3: Smarty vulnerabilities
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...
Debian DSA-5151-1 : smarty3 - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3,...
Mageia: Security Advisory (MGASA-2021-0335)
The remote host is missing an update for the...
FreeBSD : Bacula-Web -- Multiple Vulnerabilities (f05dbd1f-2599-11ec-91be-001b217b3468)
Bacula-Web reports: Address Smarty CVE...
GLSA-202105-06 : Smarty: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202105-06 (Smarty: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Smarty template engine. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...
[SECURITY] [DLA 2618-1] smarty3 security update
Debian LTS Advisory DLA-2618-1 (https://www.debian.org/lts/security/), Abhijith PA, April 05, 2021, https://wiki.debian.org/LTS...
CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...