8 matches found
EUVD-2022-0431
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-21648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a...
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
CVE-2022-21648 Sandbox bypass in Latte templates
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
Latte cross-site scripting vulnerability
Latte is a template engine for PHP from the Nette Foundation. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...
UBUNTU-CVE-2021-23803
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters x00-x08 after the function will bypass these restriction...
latte security vulnerability
Latte is a template engine for PHP from the Nette Foundation. A security vulnerability exists in latte versions prior to 2.10.6, which stems from the existence of methods to bypass allowFunctions in the software, which affects the security of the application. When a template is set to allow or...
Access Control Bypass
Overview: latte/latte is an intuitive and fast template engine for those who want the most secure PHP sites. Introduces context-sensitive escaping. Affected versions of this package are vulnerable to Access Control Bypass. There is a way to bypass allowFunctions that will affect the security of th...