6 matches found
CVE-2026-35460
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...
EUVD-2020-0271
Malware in sbrugna...
EUVD-2021-32817
Malicious code in bioql PyPI...
CVE-2024-6201 HaloITSM - Emailing Template Injection
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2021-39115
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. The affected...
CVE-2019-8228
The CVE-2019-8228 entry concerns Magento versions prior to 1.9.4.3 and 1.14.4.3, where an authenticated user with limited admin privileges can inject arbitrary JavaScript into the transactional email page when creating or editing email templates. The vulnerability appears to be an XSS issue withi...