CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

702 matches found

EUVD-2026-38634

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

8.4CVSS5.9AI score

Exploits0References4

Cvelist•added yesterday•20 views

CVE-2026-56785 FlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS

Exploits0References3

ATTACKERKB•added yesterday•3 views

CVE-2026-56785

8.4CVSS5.9AI score

Exploits0References4

Vulnrichment•added yesterday•4 views

CVE-2026-56785 FlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields

8.4CVSS5.9AI score

Exploits0References3

Positive Technologies•added yesterday•8 views

PT-2026-51608

Name of the Vulnerable Software and Affected Versions FlatPress versions prior to commit 10be83c Description A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...

8.4CVSS5.9AI score

Exploits0References7

NVD•added 6 days ago•13 views

CVE-2026-54390

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS0.00333EPSS

Exploits0References3

CVE•added 6 days ago•27 views

CVE-2026-54390

Technical details are not publicly available in the provided documents. Monitor for updates from the connected sources.

9.8CVSS5.8AI score0.00333EPSS

Exploits0References3

Cvelist•added 6 days ago•18 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

9.8CVSS0.00333EPSS

Exploits0References3

Vulnrichment•added 6 days ago•5 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

9.8CVSS6.2AI score0.00333EPSS

Exploits0References3

Positive Technologies•added 6 days ago•13 views

PT-2026-50772

Name of the Vulnerable Software and Affected Versions JTL Shop versions 5.2.0 through 5.7.1 Description Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

9.8CVSS6.1AI score0.00333EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:18 p.m.•6 views

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS5.9AI score0.00415EPSS

Exploits0References1

Tenable Nessus•added 2026/05/20 12:0 a.m.•9 views

Ubuntu 16.04 LTS : Smarty vulnerability (USN-8272-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8272-1 advisory. Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

7.1CVSS6.8AI score0.01016EPSS

Exploits0References2

Ubuntu•added 2026/05/19 7:40 a.m.•11 views

USN-8272-1: Smarty vulnerability

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

7.1CVSS6.9AI score0.01016EPSS

Exploits0

Positive Technologies•added 2026/05/19 12:0 a.m.•9 views

PT-2026-42389

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

7.1CVSS6.9AI score0.01016EPSS

Exploits0References3

NVD•added 2026/05/13 9:16 p.m.•8 views

CVE-2026-45714

9.1CVSS0.00415EPSS

Exploits0References1

NVD•added 2026/05/13 9:16 p.m.•13 views

CVE-2026-44377

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS0.00735EPSS

Exploits0References2

CVE•added 2026/05/13 8:43 p.m.•9 views

CVE-2026-45714

CubeCart prior to version 6.7.0 is affected by an Authenticated Server-Side Template Injection (SSTI) in multiple modules (Email Templates, Invoices, Documents, Contact Forms). The issue arises from unsafely evaluating user-supplied input with the Smarty template engine without enabling Smarty Se...

9.1CVSS6.1AI score0.00415EPSS

Exploits0References1

EUVD•added 2026/05/13 8:43 p.m.•9 views

EUVD-2026-30176

9.1CVSS6.1AI score0.00415EPSS

Exploits0References1

Cvelist•added 2026/05/13 8:43 p.m.•32 views

CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE

9.1CVSS0.00415EPSS

Exploits0References1

Vulnrichment•added 2026/05/13 8:43 p.m.•9 views

CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE