Lucene search
K

39 matches found

Snyk
Snyk
added 2026/04/07 8:17 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...

4.8CVSS5.7AI score0.00176EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 4:16 p.m.6 views

CVE-2026-35571

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...

4.8CVSS0.00176EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/07 3:26 p.m.2 views

CVE-2026-35571 Emissary has Stored XSS via Navigation Template Link Injection

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...

4.8CVSS5.8AI score0.00176EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 3:26 p.m.19 views

CVE-2026-35571

CVE-2026-35571 affects Emissary prior to 8.39.0. Mustache navigation templates interpolated config-controlled link values directly into href attributes without URL scheme validation, allowing an administrator with navItems access to inject javascript: URIs and trigger stored XSS against other aut...

4.8CVSS5.8AI score0.00176EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32735

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS5.9AI score0.00321EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/19 12:41 a.m.9 views

Resources Downloaded over Insecure Protocol

Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol through the dependency resolution of openapi-to-java-records-mustache-templates artifact that if compromised may include arbitrary .mustache files. An attacker can introduce and distribute...

3.4CVSS6AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/03/18 11:17 p.m.3 views

CVE-2026-32735

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/18 10:13 p.m.3 views

CVE-2026-32735

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS5.8AI score0.00321EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/18 10:13 p.m.22 views

CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS0.00321EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 10:13 p.m.4 views

CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS5.9AI score0.00321EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/18 6:3 a.m.7 views

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

7CVSS6.1AI score0.00243EPSS
Exploits1References3
CVE
CVE
added 2026/03/18 6:3 a.m.20 views

CVE-2026-32608

Glances CVE-2026-32608 describes a local command-injection in the action system. Before 4.5.2, Mustache-rendered values such as process names, mount points, or container names could contain shell metacharacters that are not safely handled by secure_popen(), causing unintended command splitting. A...

7CVSS6.1AI score0.00243EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.11 views

Openapi to Java Records Mustache Templates 输入验证错误漏洞

Openapi to Java Records Mustache Templates is a record-generation tool developed by Christopher Molin. Versions of Openapi to Java Records Mustache Templates prior to 5.5.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the possibility of the parent POM fi...

2.3CVSS6AI score0.00321EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-25846

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances is a system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands...

7CVSS6.1AI score0.00243EPSS
Exploits1References28
OSV
OSV
added 2025/12/18 11:46 a.m.4 views

BIT-PARSE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available in...

6.1CVSS5.4AI score0.00183EPSS
Exploits0References4
OSV
OSV
added 2025/12/16 12:56 a.m.7 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

5.3CVSS5.7AI score0.00183EPSS
Exploits0References5
OSV
OSV
added 2025/11/20 5:42 p.m.2 views

GHSA-6QV9-48XG-FC7F LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates

Context A template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...

8.3CVSS6.8AI score0.00466EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2019-5954

Malware in sbrugna...

6.1CVSS6.1AI score0.00668EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7119

Malicious code in bioql PyPI...

7.1CVSS5.5AI score0.00526EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-40313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. CVE-2022-40313 Not...

7.1CVSS5.8AI score0.00526EPSS
Exploits0References2
Rows per page
Query Builder