Lucene search
+L

805 matches found

snyk
snyk
added 2026/05/05 10:15 p.m.8 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the FreemarkerEngine.parse function. An attacker can execute arbitrary commands on the server by injecting malicious template code that leverages unrestricted cla...

7.5CVSS6.2AI score
Exploits0References2
osv
osv
added 2026/05/05 10:15 p.m.6 views

GHSA-MGGX-P7JF-JGW4 jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

7.5CVSS6.2AI score
Exploits0References2
github
github
added 2026/05/05 10:15 p.m.6 views

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

6.2AI score
Exploits0References2Affected Software1
euvd
euvd
added 2026/05/05 6:33 p.m.8 views

EUVD-2026-27404

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References2
nvd
nvd
added 2026/05/05 5:17 p.m.7 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

6.1CVSS0.00175EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/05 12:0 a.m.4 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References2
cvelist
cvelist
added 2026/05/05 12:0 a.m.43 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

0.00175EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/27 7:23 p.m.7 views

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS4.8AI score0.00299EPSS
Exploits0References1
snyk
snyk
added 2026/04/25 6:32 p.m.8 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the createtemplate function of the Dashboard API. An attacker can access sensitive information, modify data, or disrupt...

5.8CVSS5.8AI score0.00299EPSS
Exploits0References3
osv
osv
added 2026/04/25 6:32 p.m.7 views

GHSA-H3RR-9WQJ-V3C6 AstrBot has Incomplete Filtering of Special Elements

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.1CVSS5.5AI score0.00299EPSS
Exploits0References6
nvd
nvd
added 2026/04/25 4:16 p.m.6 views

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS0.00299EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/25 3:30 p.m.46 views

CVE-2026-6984 AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS0.00299EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/25 3:30 p.m.3 views

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS4.8AI score0.00299EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/04/25 3:30 p.m.10 views

EUVD-2026-25660

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS4.9AI score0.00299EPSS
Exploits0References5
osv
osv
added 2026/04/25 3:30 p.m.3 views

CVE-2026-6984 AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.1CVSS5.4AI score0.00299EPSS
Exploits0References7
cve
cve
added 2026/04/25 3:30 p.m.25 views

CVE-2026-6984

AstrBotDevs AstrBot up to version 4.22.1 contains a vulnerability in the Dashboard API, specifically in the create_template function (astrbot/dashboard/routes/t2i.py). The issue is improper neutralization of special elements used in the template engine, enabling remote execution. Public exploit i...

5.8CVSS4.9AI score0.00299EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/25 12:0 a.m.13 views

PT-2026-35155

Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot versions prior to 4.22.2 Description A flaw in the Dashboard API component allows remote attackers to exploit improper neutralization of special elements used in a template engine. This occurs within the create template...

5.8CVSS6.1AI score0.00299EPSS
Exploits0References13
snyk
snyk
added 2026/04/24 4:2 p.m.14 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the POST /prompts/test endpoint, which accepts user-supplied prompt templates and renders them...

8.8CVSS6.2AI score0.00373EPSS
Exploits1References2
osv
osv
added 2026/04/24 3:16 a.m.5 views

DEBIAN-CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.1AI score0.01131EPSS
Exploits0References1
snyk
snyk
added 2026/04/24 2:51 a.m.4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Option::render and Options::factory code paths in the Option, Options, OptionsApi, and OptionsQuery classes. An attacker can inject template/query syntax into...

8.6CVSS5.4AI score0.00334EPSS
Exploits0References2
Rows per page
Query Builder