17 matches found
CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
Argamal: Malware hidden in hentai games
In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...
CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
PYSEC-2026-192
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-45017
CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...
EUVD-2026-32907
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
Python Liquid 路径遍历漏洞
Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...
Directory Traversal
Python Liquid is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of absolute file paths in the FileSystemLoader and CachingFileSystemLoader, which allows a malicious template author to load and render arbitrary files outside the configured search paths using...
Directory Traversal
Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Directory Traversal via the FileSystemLoader and CachingFileSystemLoader components. An attacker can access and render arbitrary files outside the intended search pat...
python-liquid: Absolute paths escape filesystem loader search path
Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...
PT-2026-39696
Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.0 Description The built-in FileSystemLoader and CachingFileSystemLoader do not prevent reading files outside their designated search paths when an absolute path is provided. This allows malicious template...
The vulnerability of the UFS loader component of the Grub2 operating system, which allows a hacker to trigger a service failure
The vulnerability of the UFS loader component in operating systems like Grub relates to writing beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the password-based protection mechanism of Grub2, a loader for operating systems, allows a hacker to bypass the established access control measures.
The vulnerability of the password-based authentication mechanism of the Grub2 operating system’s loader is related to the ability to bypass authentication through spoofing. Exploiting this vulnerability can allow an attacker to circumvent the established access control measures...
Security update for python-Jinja2 (moderate)
openSUSE Security Update: Security update for python-Jinja2 Announcement ID: openSUSE-SU-2019:0244-1 Rating: moderate References: 858239 Cross-References: CVE-2014-0012 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes one vulnerability is now available...
OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...
OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...