805 matches found
CVE-2026-34984
Summary: External Secrets Operator (ESO) versions 2.2.0 and earlier are vulnerable due to the v2 template engine’s getHostByName exposure in runtime/template/v2/template.go. An attacker who can create or update templated ExternalSecret resources can trigger controller-side DNS lookups using secre...
CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
External Secrets 信息泄露漏洞
External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets 2.2.0 and earlier contain a vulnerability related to information leakage. This vulnerability stems from the v2 template engine not removing the getHostByName function, whi...
GHSA-R2PG-R6H7-CRF3 External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
Summary The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...
External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
Summary The v2 template engine in runtime/template/v2/template.go imports Sprig’s TxtFuncMap and removes env and expandenv, but leaves getHostByName available to user-controlled templates. Because ESO executes templates inside the controller process, an attacker who can create or update templated...
CVE-2026-5987 Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler...
PT-2026-31823
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler...
Improper Neutralization of Special Elements Used in a Template Engine
Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the template formatting. An attacker can access internal object fields or nested data by...
liquidjs 信息泄露漏洞
LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.4 contained an information leakage vulnerability. This vulnerability stemmed from the sortnatural filter bypassing the ownPropertyOnly security option,...
Incomplete Filtering of Special Elements
Overview PyBlade is a PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security. Affected...
EUVD-2026-19066
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5559
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5559 AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5559 AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5559
AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha is affected by a vulnerability in sandbox.py:_is_safe_ast within the AST Validation component. The flaw enables improper neutralization of special elements in the template engine, with remote-exploitation potential. Exploit has been disclosed publicl...
CVE-2026-5559 AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5559
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
PyBlade 安全漏洞
PyBlade is a lightweight and efficient Python template engine developed by Antares’ individual developers, supporting component-based development. Versions 0.1.8-alpha and 0.1.9-alpha of PyBlade contain security vulnerabilities, which stem from the improper handling of special elements within the...
Improper Neutralization of Special Elements Used in a Template Engine
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the generatecontainerfile function when rendering user-supplied Jinja2 templates in an unsandboxed...
PT-2026-29427
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser versions prior to 2.62.2 are susceptible to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An administrator setting the branding.name field to a malicious...