CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

EUVD•added 2025/10/13 3:31 p.m.•3 views

EUVD-2025-34069

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1CVSS6.2AI score0.00057EPSS

Exploits0References2

OSV•added 2025/10/13 2:15 p.m.•0 views

CVE-2025-37729

7.2CVSS5.8AI score0.00057EPSS

Exploits0References1

NVD•added 2025/10/13 2:15 p.m.•1 views

CVE-2025-37729

9.1CVSS0.00057EPSS

Exploits0References1

Vulnrichment•added 2025/10/13 1:47 p.m.•1 views

CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine

9.1CVSS6.3AI score0.00057EPSS

Exploits0References1

Cvelist•added 2025/10/13 1:47 p.m.•5 views

CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine

9.1CVSS0.00057EPSS

Exploits0References1

CVE•added 2025/10/13 1:47 p.m.•15 views

CVE-2025-37729

Elastic Cloud Enterprise (ECE) is affected by CVE-2025-37729 due to improper neutralization of Jinjava template elements. The issue allows a user with Admin access to exfiltrate sensitive information and issue commands through a specially crafted string that causes Jinjava variables to be evaluat...

9.1CVSS6.3AI score0.00057EPSS

Exploits0References1Affected Software1

Elastic•added 2025/10/13 1:44 p.m.•6 views

Elastic Cloud Enterprise (ECE) 3.8.2 and 4.0.2 Security Update (ESA-2025-21)

Elastic Cloud Enterprise ECE Improper Neutralization of Special Elements Used in a Template Engine ESA-2025-21 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information a...

9.1CVSS6.9AI score0.00057EPSS

Exploits0

Positive Technologies•added 2025/10/13 12:0 a.m.•1 views

PT-2025-41785

Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise versions 2.5.0 through 3.8.1 Elastic Cloud Enterprise version 4.0.0 through 4.0.1 Description An issue exists in Elastic Cloud Enterprise ECE related to the improper handling of special elements within its template...

9.1CVSS7.9AI score0.00057EPSS

Exploits0References21

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-0172

Malware in sbrugna...

5.3CVSS5.8AI score0.00453EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-0760

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00328EPSS

Exploits1References6

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-29780

Malicious code in bioql PyPI...

10CVSS6.6AI score0.01267EPSS

Exploits0References5

RedhatCVE•added 2025/09/19 8:37 p.m.•1 views

CVE-2025-59340

jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Priori to 2.8.1, by using mapper.getTypeFactory.constructFromCanonical, it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classe...

9.8CVSS8AI score0.01267EPSS

Exploits0References1

Snyk•added 2025/09/17 8:43 p.m.•4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview com.hubspot.jinjava:jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates at least the subset of jinja in use in HubSpot content. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a...

10CVSS7.5AI score0.01267EPSS

Exploits0References2

vulnersOsv•added 2025/09/17 8:43 p.m.•3 views

ai.starlake:starlake-streaming_2.13 (>=1.3.3 <=1.3.5), chat.octet:llama-java-core (>=1.4.1 <=1.4.2) +296 more potentially affected by CVE-2025-59340 via com.hubspot.jinjava:jinjava (>=2.0.5 <=2.8.0)

com.hubspot.jinjava:jinjava MAVEN version =2.0.5, =1.3.3, =1.4.1, =0.0.80, =1.0.6, =1.0.6, =1.0.6, =1.0.2, =1.0.2, =0.1.0, =1.3.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.6 and more Source cves: CVE-2025-59340 Source advisory: SNYK:JAVA-COMHUBSPOTJINJAVA-12878604...

10CVSS6AI score0.01267EPSS

Exploits0

NVD•added 2025/09/17 8:15 p.m.•4 views

CVE-2025-59340

10CVSS0.01267EPSS

Exploits0References3

CVE•added 2025/09/17 8:1 p.m.•34 views

CVE-2025-59340

Summary: CVE-2025-59340 affects jinjava (Java-based template engine). The issue arises when mapper.getTypeFactory().constructFromCanonical() allows attacker-controlled input to deserialize into arbitrary classes via ObjectMapper, enabling sandbox escape and potential access to local files/URLs (e...

10CVSS7.6AI score0.01267EPSS

Exploits0References3Affected Software1

OSV•added 2025/09/17 8:1 p.m.•8 views

CVE-2025-59340 jinjava Sandbox Bypass via JavaType-Based Deserialization

9.8CVSS7.9AI score0.01267EPSS

Exploits0References5

Cvelist•added 2025/09/17 8:1 p.m.•6 views

CVE-2025-59340 jinjava Sandbox Bypass via JavaType-Based Deserialization

9.8CVSS0.01267EPSS

Exploits0References3

Vulnrichment•added 2025/09/17 8:1 p.m.•2 views

CVE-2025-59340 jinjava Sandbox Bypass via JavaType-Based Deserialization

9.8CVSS7.6AI score0.01267EPSS

Exploits0References3

vulnersOsv•added 2025/09/17 7:56 p.m.•3 views

ai.starlake:starlake-streaming_2.13 (>=1.3.3 <=1.3.5), chat.octet:llama-java-core (>=1.4.1 <=1.4.2) +294 more potentially affected by CVE-2025-59340 via com.hubspot.jinjava:jinjava (>=1.0.3 <=2.7.4)

com.hubspot.jinjava:jinjava MAVEN version =1.0.3, =1.3.3, =1.4.1, =1.0.2, =1.0.2, =0.1.0, =1.3.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.6 - com.elevenware.felson.examples:authserver =0.0.2 - com.elevenware.felson.examples:felson-examples-app =0.0.2 - com.elevenware.felson.examples:one =0.0...

10CVSS6AI score0.01267EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by