ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.10.0 <=6.10.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.10.0 <=6.10.5) +162 more potentially affected by CVE-2026-41901 via org.thymeleaf:thymeleaf-spring5 (>=3.0.9.RELEASE <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring5 MAVEN version =3.0.9.RELEASE, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =6.10.0, =1.19.0, =v1.1, =v1.2 - cn.haoxiaoyong.ocr.email:email-msg =v1.0 and more Source cves: CVE-2026-41901 Source advisory:...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1) +1473 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf-spring5 (>=3.0.10.RELEASE <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring5 MAVEN version =3.0.10.RELEASE, =0.5.0, =1.1.1, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.7.0, =3.7.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =3.7.0, =5.5.7 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078378...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1) +1473 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf-spring5 (>=3.0.10.RELEASE <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring5 MAVEN version =3.0.10.RELEASE, =0.5.0, =1.1.1, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.7.0, =3.7.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =3.7.0, =5.5.7 and more Source cves: CVE-2026-40477 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078371...

CVE-2021-43466

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

Thymeleaf 命令注入漏洞

Thymeleaf-Spring5 is an open source modern server-side Java template engine for web and standalone environments from the Thymeleaf team. A security vulnerability exists in Thymeleaf version 3.1.1.RELEASE and prior versions. An attacker can exploit the vulnerability to gain write access to...

GHSA-QCJ6-JQRG-4WP2 Template injection in thymeleaf-spring5

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

Template injection in thymeleaf-spring5

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

CVE-2021-43466

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

CVE-2021-43466

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

Remote code execution

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

CVE-2021-43466

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

PT-2021-23849 · Unknown · Thymeleaf-Spring5

Name of the Vulnerable Software and Affected Versions: thymeleaf-spring5 version 3.0.12 Description: The issue in thymeleaf-spring5 may lead to remote code execution when thymeleaf is combined with specific scenarios in template injection. Recommendations: For thymeleaf-spring5 version 3.0.12, at...

Thymeleaf-Spring5 代码注入漏洞

Thymeleaf-Spring5 is an open source, modern, server-side Java template engine for web and standalone environments from the Thymeleaf team. A security vulnerability exists in Thymeleaf-Spring5, which arises from a networked system or product that does not properly filter specific elements of...

CVE-2021-43466

CVE-2021-43466 affects thymeleaf-spring5, specifically the 3.0.12 release, where template injection in Thymeleaf can lead to remote code execution. The vulnerability is tied to thymeleaf-spring5 usage and template rendering scenarios that enable code execution. Remediation in the provided docs re...