
48 matches found

SUSE CVE
added 2026/03/24 12:24 a.m., 2 views

SUSE CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 3

Snyk
added 2026/03/20 10:39 p.m., 0 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: dynaconf is the dynamic configurator for your Python project. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to unsafe template evaluation in the @Jinja resolver. An attacker can execute arbitrary code by...

CVSS 8.1, AI score 6.2, EPSS 0.00024
Exploits: 1, References: 2

OSV
added 2026/03/20 9:17 p.m., 0 views

UBUNTU-CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 6

UbuntuCve
added 2026/03/20 9:17 p.m., 0 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 5

OSV
added 2026/03/20 8:22 p.m., 0 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 7.5, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 5

Debian CVE
added 2026/03/20 8:22 p.m., 3 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 8.1, AI score 5.3, EPSS 0.00024
Exploits: 1

Vulnrichment
added 2026/03/20 8:22 p.m., 0 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 7.5, AI score 5.7, EPSS 0.00024
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/07 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000157 advisory. An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL...

CVSS 9.8, AI score 7.2, EPSS 0.01971
Exploits: 3, References: 4

Positive Technologies
added 2025/12/28 12:0 a.m., 4 views

PT-2025-53669

Name of the Vulnerable Software and Affected Versions: PbootCMS versions prior to 3.2.13. Description: A weakness exists in PbootCMS up to version 3.2.12. The issue affects an unknown function within the SQLite Database component, specifically the file /data/pbootcms.db. Successful manipulation can...

CVSS 6.3, AI score 6.2, EPSS 0.00036
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-5093

Malicious code in bioql PyPI...

CVSS 10, AI score 6.6, EPSS 0.00474
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-34387

Malicious code in bioql PyPI...

CVSS 7.5, AI score 8.9, EPSS 0.00087
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/08/14 4:48 p.m., 7 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary: IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45339. DESCRIPTION: When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log fil...

CVSS 8.8, AI score 7.9, EPSS 0.30014
Exploits: 13, Affected Software: 1

CNNVD
added 2025/03/23 12:0 a.m., 2 views

WordPress plugin Nested Pages Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.8, AI score 7.8, EPSS 0.00075
Exploits: 1, References: 1

NVD
added 2025/02/18 9:15 p.m., 3 views

CVE-2025-26612

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionaralmoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

CVSS 10, EPSS 0.00514
Exploits: 1, References: 1

NVD
added 2025/02/18 9:15 p.m., 3 views

CVE-2025-26608

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, dependente_docdependente.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing...

CVSS 10, EPSS 0.00474
Exploits: 1, References: 1

Vulnrichment
added 2025/02/18 8:38 p.m., 11 views

CVE-2025-26605 SQL Injection endpoint 'deletar_cargo.php' parameter 'id_cargo' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

CVSS 9.4, AI score 8.5, EPSS 0.00534
Exploits: 1, References: 1

CVE
added 2025/02/18 8:38 p.m., 62 views

CVE-2025-26605

WeGIA (Web Manager for Institutions) has a SQL Injection vulnerability in the deletar_cargo.php endpoint, specifically the id_cargo parameter, that could allow an authorized attacker to execute arbitrary SQL and access sensitive data. The issue is addressed in version 3.2.13; upgrading is advised...

CVSS 9.4, AI score 8.3, EPSS 0.00534
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2025/02/18 8:37 p.m., 5 views

CVE-2025-26606 SQL Injection endpoint 'informacao_adicional.php' parameter 'id_descricao' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacao_adicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

CVSS 10, AI score 8.1, EPSS 0.00474
Exploits: 1, References: 3

Cvelist
added 2025/02/18 8:37 p.m., 17 views

CVE-2025-26606 SQL Injection endpoint 'informacao_adicional.php' parameter 'id_descricao' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacao_adicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

CVSS 10, EPSS 0.00474
Exploits: 1, References: 1

CVE
added 2025/02/18 8:36 p.m., 51 views

CVE-2025-26608

WeGIA (open source Web Manager) has a SQL Injection in the dependente_docdependente.php endpoint (affecting parameters like id_dependente and id_doc) that allows arbitrary SQL execution and unauthorized data access. Root cause: improper input handling leading to query manipulation. Impact: potent...

CVSS 10, AI score 8.3, EPSS 0.00474
Exploits: 1, References: 1, Affected Software: 1