29 matches found

Github Security Blog
added 2026/05/27 6:24 p.m., 125 views

LiquidJS is Vulnerable to Remote Code Execution

Summary: It is possible to execute arbitrary code with crafted templates. Details: 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...

AI score 6.2, EPSS 0.00089
Exploits: 0, References: 3, Affected software: 1
OSV
added 2026/05/27 6:24 p.m., 15 views

GHSA-GF2Q-C269-PQGC LiquidJS is Vulnerable to Remote Code Execution

Summary: It is possible to execute arbitrary code with crafted templates. Details: 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...

CVSS 10, AI score 6.2, EPSS 0.00089
Exploits: 0, References: 3
Positive Technologies
added 2026/05/27 12:00 a.m., 11 views

PT-2026-44157

Name of the Vulnerable Software and Affected Versions: liquidjs versions prior to 10.26.0. Description: An issue allows unauthenticated attackers to achieve remote code execution and server compromise through crafted templates. The flaw is triggered by abusing filter evaluation, prototype...

CVSS 10, AI score 6.5, EPSS 0.00089
Exploits: 0, References: 6
Positive Technologies
added 2026/04/24 12:00 a.m., 5 views

PT-2026-37176

Name of the Vulnerable Software and Affected Versions: LiteLLM versions 1.80.5 through 1.83.6. Description: The 'POST /prompts/test' endpoint accepts user-supplied prompt templates and renders them without sandboxing. An authenticated user with a valid proxy API key can provide a crafted template to...

CVSS 8.8, AI score 6.4, EPSS 0.00324
Exploits: 1, References: 11
ATTACKERKB
added 2026/04/17 5:25 p.m., 3 views

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

CVSS 5.4, AI score 6.2, EPSS 0.00144
Exploits: 0, References: 3, Affected software: 1
Snyk
added 2026/04/08 9:51 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: langchain-core is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the template formatting. An attacker can access internal object fields or nested data by...

CVSS 6.9, AI score 5.8, EPSS 0.00262
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-2243

Malware in sbrugna...

CVSS 6.8, AI score 5.2, EPSS 0.01273
Exploits: 0, References: 6
RedhatCVE
added 2025/05/23 8:55 a.m., 3 views

CVE-2024-35194

Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...

CVSS 5.3, AI score 6.5, EPSS 0.00414
Exploits: 0, References: 1
OSV
added 2025/05/16 3:15 p.m., 1 view

CVE-2025-47916

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...

CVSS 9.8, AI score 6.5, EPSS 0.79174
Exploits: 6, References: 3
OSV
added 2025/05/01 3:31 p.m., 5 views

GHSA-MM3M-5497-XGGG Elasticsearch Uncontrolled Resource Consumption Vulnerability

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash...

CVSS 6.5, AI score 6.7, EPSS 0.00522
Exploits: 0, References: 6
OSV
added 2025/05/01 2:15 p.m., 2 views

UBUNTU-CVE-2024-52979

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash...

CVSS 7.5, AI score 7.1, EPSS 0.00522
Exploits: 0, References: 3
BDU FSTEC
added 2025/01/08 12:00 a.m., 5 views

The vulnerability of the signer-package processor in Nuclei scanners allows a perpetrator to execute arbitrary code.

The vulnerability of the signer-package processor in Nuclei scanners exists because measures to neutralize special elements are not taken. Exploiting this vulnerability allows an attacker to execute arbitrary code by running a specially crafted template with user input...

CVSS 7.8, AI score 8.2, EPSS 0.01118
Exploits: 0, References: 3, Affected software: 1
Cvelist
added 2024/05/20 8:44 p.m., 27 views

CVE-2024-35194 Stacklok Minder vulnerable to denial of service from maliciously crafted templates

Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...

CVSS 5.3, AI score 4.9, EPSS 0.00414
Exploits: 0, References: 2
OSV
added 2024/05/20 8:43 p.m., 10 views

GHSA-CRGC-2583-RW27 Stacklok Minder vulnerable to denial of service from maliciously crafted templates

Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the...

CVSS 5.3, AI score 4.9, EPSS 0.00414
Exploits: 0, References: 4
CNNVD
added 2024/04/26 12:00 a.m., 4 views

pyload security vulnerability

pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. pyload has a security vulnerability. An authenticated user could change the download folder and upload carefully crafted templates to a...

CVSS 9.1, AI score 7.9, EPSS 0.01343
Exploits: 1, References: 2
BDU FSTEC
added 2024/04/24 12:00 a.m., 3 views

The vulnerability of the software for centralized device management in Fortinet’s FortiManager system lies in errors during the elimination of specific elements in the template creation mechanism. This allows a malicious actor to execute arbitrary code.

The vulnerability of the software for centralized device management in Fortinet FortiManager is related to errors during the elimination of specific elements in the template creation mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created...

CVSS 6.8, AI score 6, EPSS 0.0027
Exploits: 0, References: 4, Affected software: 1
OSV
added 2024/04/09 3:15 p.m., 4 views

CVE-2023-47542

An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...

CVSS 6.7, AI score 5.9, EPSS 0.0027
Exploits: 0, References: 1
BDU FSTEC
added 2024/01/17 12:00 a.m., 3 views

The vulnerability of the Atlassian Confluence Server web server and Confluence Data Center exists due to the failure to take measures to neutralize special elements. This allows attackers to execute arbitrary code.

The vulnerability of the Atlassian Confluence Server and the Confluence Data Center exists due to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted template...

CVSS 10, AI score 8.5, EPSS 0.99984
Exploits: 31, References: 5, Affected software: 2
BDU FSTEC
added 2023/10/26 12:00 a.m., 5 views

The vulnerability of the software interface for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR allows a perpetrator to execute arbitrary code.

The vulnerability of the software interface for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to errors in eliminating special elements within the template creation mechanism. Exploiting this vulnerability allows...

CVSS 9, AI score 8, EPSS 0.01141
Exploits: 0, References: 3, Affected software: 1
RedHat Linux
added 2023/03/20 9:15 a.m., 2 views

nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...

CVSS 7.8, AI score 7.2, EPSS 0.03793
Exploits: 0, References: 5