Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.6AI score0.00335EPSS
Exploits0References1
Securelist
Securelist
added 2026/06/03 9:0 a.m.19 views

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/28 4:16 p.m.27 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 4:16 p.m.9 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 2:24 p.m.34 views

CVE-2026-45017

CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/28 2:24 p.m.19 views

EUVD-2026-32907

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:24 p.m.10 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Python Liquid 路径遍历漏洞

Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...

8.2CVSS5.8AI score0.00335EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/23 6:7 a.m.15 views

Directory Traversal

Python Liquid is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of absolute file paths in the FileSystemLoader and CachingFileSystemLoader, which allows a malicious template author to load and render arbitrary files outside the configured search paths using...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/11 2:57 p.m.10 views

Directory Traversal

Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Directory Traversal via the FileSystemLoader and CachingFileSystemLoader components. An attacker can access and render arbitrary files outside the intended search pat...

8.2CVSS6.3AI score0.00335EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 2:57 p.m.14 views

python-liquid: Absolute paths escape filesystem loader search path

Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39696

Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.0 Description The built-in FileSystemLoader and CachingFileSystemLoader do not prevent reading files outside their designated search paths when an absolute path is provided. This allows malicious template...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2025/06/20 12:0 a.m.6 views

The vulnerability of the UFS loader component of the Grub2 operating system, which allows a hacker to trigger a service failure

The vulnerability of the UFS loader component in operating systems like Grub relates to writing beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS6.7AI score0.00318EPSS
Exploits0References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2024/01/17 12:0 a.m.5 views

The vulnerability of the password-based protection mechanism of Grub2, a loader for operating systems, allows a hacker to bypass the established access control measures.

The vulnerability of the password-based authentication mechanism of the Grub2 operating system’s loader is related to the ability to bypass authentication through spoofing. Exploiting this vulnerability can allow an attacker to circumvent the established access control measures...

5.6CVSS6.7AI score0.00542EPSS
Exploits0References9Affected Software3
OPENSUSE Linux
OPENSUSE Linux
added 2019/02/25 12:0 a.m.124 views

Security update for python-Jinja2 (moderate)

openSUSE Security Update: Security update for python-Jinja2 Announcement ID: openSUSE-SU-2019:0244-1 Rating: moderate References: 858239 Cross-References: CVE-2014-0012 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes one vulnerability is now available...

4.4CVSS7.1AI score0.0043EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.4 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

10CVSS7.1AI score0.1015EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/05/22 6:33 p.m.5 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

10CVSS7.1AI score0.1015EPSS
Exploits0References4
Rows per page
Query Builder