14 matches found
EUVD-2020-12560
Malware in sbrugna...
CVE-2025-11289
CVE-2025-11289 affects westboy CicadasCMS, specifically the Save function in TemplateFileServiceImpl.java (Template Management Page). The vulnerability enables cross-site scripting and can be triggered remotely. Public disclosures exist for the exploit. Connected documents indicate remediation by...
EUVD-2024-2170
Malicious code in bioql PyPI...
Malicious code in nit-template-service-core-lib (npm)
The package nit-template-service-core-lib was found to contain malicious code...
MAL-2025-27563 Malicious code in nit-template-service-core-lib (npm)
The package nit-template-service-core-lib was found to contain malicious code...
CVE-2020-28246
A Server-Side Template Injection SSTI was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and on...
Design/Logic Flaw
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended...
Hitachi Pentaho Business Analytics 路径遍历漏洞
Hitachi Pentaho Business Analytics is a business analytics platform from Hitachi, Japan, Inc. for securely accessing, integrating, manipulating, visualizing and analyzing big data assets. A security vulnerability exists in Hitachi Pentaho Business Analytics version 9.2.0.2 prior to version 9.2 an...
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool is related to a deficiency in the restriction on XML references to external objects during the processing of ReportTemplateService parameters. Exploiting this vulnerability can allow an attacker to...
CVE-2020-1705
A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this...
CVE-2020-1705
A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this...
CVE-2020-1705
The CVE-2020-1705 issue affects openshift/template-service-broker-operator prior to version 4.3.0. The root cause is an insecure modification vulnerability in /etc/passwd, allowing an attacker with container access to modify /etc/passwd and escalate privileges (local, with low privileges required...
PT-2020-14904 · Red Hat · Openshift/Template-Service-Broker-Operator
Name of the Vulnerable Software and Affected Versions: openshift/template-service-broker-operator versions prior to 4.3.0 Description: A flaw was discovered in the openshift/template-service-broker-operator, where an insecure modification vulnerability in the /etc/passwd file allows an attacker...
CVE-2020-1705
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...