206 matches found
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-44884 Portainer: Missing authorization on custom template file endpoint exposes template content
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...
EUVD-2026-33058
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...
CVE-2026-44884 Portainer: Missing authorization on custom template file endpoint exposes template content
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...
Portainer 安全漏洞
Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities existed in versions of Portainer from 2.33.0 to 2.33.8, as well as in version 2.39.1, due to an issue with authorization verification in custom...
GHSA-CQPQ-2FGR-8MVC Portainer missing authorization on custom template file endpoint, which exposes template content
Summary A missing authorization vulnerability in the Custom Template file endpoint GET /api/customtemplates/id/file allows any authenticated user to read the file content of any custom template by enumerating sequential integer IDs, bypassing Resource Control access restrictions. Template files m...
PT-2026-41144
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.0 Portainer Community Edition versions prior to 2.33.0 Description A missing authorization issue in the Custom Template file...
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7388
CVE-2026-7388 affects EyouCMS up to version 1.7.9, specifically the Template File Handler’s FilemanagerLogic.php editFile function. The weakness enables code injection via remote manipulation of the editFile workflow. Public exploit appears available and the vendor has not publicly responded to t...
CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
EUVD-2026-26251
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
PT-2026-35940
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...
Linux Distros Unpatched Vulnerability : CVE-2026-33897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root ...
CVE-2026-3714
A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The...
CVE-2026-24452
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
EUVD-2026-8975
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
CVE-2026-24452
CVE-2026-24452 describes an OS command injection in XWEB Pro ≤ 1.12.1. An authenticated attacker can achieve remote code execution by supplying a crafted template file to the /devices route. The vulnerability is documented across multiple sources (NVD, Red Hat, EUVD/ENISA, CVE list) with consiste...