
15 matches found

EUVD
added 2026/06/01 11:24 a.m., 8 views

EUVD-2026-33629

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

CVSS 5.4 | AI score 5.9 | EPSS 0.00157
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/01 12:00 a.m., 14 views

PT-2026-45410

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 151.2. Description: Reader View in Firefox for iOS replaced page content in its HTML template before substituting other internal placeholders. A malicious page could include a placeholder string that was...

CVSS 5.4 | AI score 5.9 | EPSS 0.00157
Exploits: 0 | References: 6
CVE
added 2026/04/08 9:35 p.m., 12 views

CVE-2026-40032

CVE-2026-40032 affects UAC (Unix-like Artifacts Collector) up to version 3.3.0-rc1. The vulnerability is a command injection in the placeholder substitution and command execution pipeline: _run_command() passes constructed command strings directly to eval without proper sanitization, enabling arb...

CVSS 8.5 | AI score 6.2 | EPSS 0.00726
Exploits: 0 | References: 7
Vulnrichment
added 2026/04/08 9:35 p.m., 7 views

CVE-2026-40032 UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution

UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...

CVSS 8.5 | AI score 6 | EPSS 0.00726
Exploits: 0 | References: 7
Cvelist
added 2026/04/08 9:35 p.m., 17 views

CVE-2026-40032 UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution

UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...

CVSS 8.5 | EPSS 0.00726
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/08 12:00 a.m., 5 views

PT-2026-31469

UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...

CVSS 8.5 | AI score 6.2 | EPSS 0.00726
Exploits: 0 | References: 8
NVD
added 2026/03/28 10:16 a.m., 7 views

CVE-2026-2442

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on...

CVSS 5.3 | EPSS 0.00297
Exploits: 0 | References: 2
CVE
added 2026/03/27 7:29 p.m., 8 views

CVE-2026-31951

Vulnerability summary: LibreChat's MCP server feature (versions 0.8.2-rc1 to 0.8.3-rc1) allows arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can host a malicious MCP server with headers like {{LIBRECHAT_OPENID_ACCESS_TOKEN}} to exfiltrate victims' OAuth tok...

CVSS 6.8 | AI score 6 | EPSS 0.00244
Exploits: 1 | References: 1 | Affected software: 1
OSV
added 2025/11/27 11:15 a.m., 6 views

PYSEC-2025-154

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 2
OSV
added 2025/10/08 11:32 p.m., 2 views

GHSA-8HXP-QMPH-W5GQ Keycloak Potential Variable Reference in Model Storage Services

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9 | AI score 5.8 | EPSS 0.0046
Exploits: 0 | References: 12
RedHat Linux
added 2025/09/04 11:13 a.m., 6 views

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9 | AI score 5.8 | EPSS 0.0046
Exploits: 0 | References: 4
RedHat Linux
added 2025/09/04 11:09 a.m., 6 views

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9 | AI score 5.8 | EPSS 0.0046
Exploits: 0 | References: 4
OSV
added 2025/08/21 6:31 p.m., 1 view

GHSA-W2WJ-HW98-233H Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description: A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...

CVSS 4.9 | AI score 5.7 | EPSS 0.0046
Exploits: 0 | References: 12
Github Security Blog
added 2025/08/21 6:31 p.m., 6 views

Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description: A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...

CVSS 4.9 | AI score 4.3 | EPSS 0.0046
Exploits: 0 | References: 12 | Affected software: 1
CNNVD
added 2025/08/21 12:00 a.m., 2 views

Keycloak security vulnerability

Keycloak is an open source identity and access management solution from Keycloak Open Source. A security vulnerability exists in Keycloak that stems from the possibility of injecting malicious content during placeholder substitution, which could lead to injection attacks...

CVSS 4.9 | AI score 4.3 | EPSS 0.0046
Exploits: 0 | References: 4