25 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-29078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lexbor is a web browser engine library. Prior to 2.7.0, the ISO2022JP encoder in Lexbor fails to reset the temporary size variable between iterations. The...
CVE-2024-29078
creationtimestamp| type| source
---|---|---
2025-03-28 19:29:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9439...
Linux Distros Unpatched Vulnerability : CVE-2022-29078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is...
Exploit for Code Injection in Ejs
CVE-2022-29078 Simple PoC for CVE-2022-29078 vuln ej...
Exploit for Code Injection in Ejs
THM Challenge: SSTI RCE...
RHEL 8 : pcs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ejs: server-side template injection in outputFunctionName CVE-2022-29078 - The package handlebars before...
CVE-2024-29078
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings...
CVE-2024-29078
MosP kintai kanri is affected by CVE-2024-29078 in versions 4.6.6 and earlier. The root cause is an incorrect permission assignment for a critical resource, which could allow a remote unauthenticated attacker with access to the product to alter product settings. The issue is documented across mul...
CVE-2023-29078
creationtimestamp| type| source
---|---|---
2023-06-27 08:54:53+00:00| published-proof-of-concept| https://t.me/androidMalware/1890...
Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload Vulnerabilities
=======================================================================
title: Multiple Vulnerabilities
product: Kiddoware Kids Place Parental Control Android App
vulnerable version: =3.8.49
fixed version: 3.8.50 or higher
CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079
impact: High...
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following: - The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed ...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078]
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs CVE-2022-29078 with details below Vulnerability Details CVEID:CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused b...
Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module (CVE-2022-29078)
Summary IBM Integration Bus is vulnerable to arbitrary code execution due to Node.js ejs module. Mitigation steps to disable node.js have been recommended. CVE-2022-29078 Vulnerability Details CVEID: CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...
CVE-2022-29078
A Command injection attack was found in ejs Embedded JavaScript templates for Node.js, which allows an attacker to execute server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary ...
CVE-2022-29078
creationtimestamp| type| source
---|---|---
2022-04-25 18:36:10+00:00| seen| https://t.me/cibsecurity/41385
2022-07-19 10:13:43+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/6378
2022-07-19 12:12:47+00:00| published-proof-of-concept|...
CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...