29 matches found
CVE-2026-32252
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req,...
EUVD-2026-21553
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req,...
CVE-2026-32252
CVE-2026-32252 – Chartbrew: A cross-tenant authorization bypass exists in GET /team/:team_id/template/generate/:project_id prior to 4.9.0. The handler calls checkAccess(req, "updateAny", "chart") without awaiting the promise and does not verify the project_id belongs to the caller’s team. As a r...
CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req,...
PT-2026-32028
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req,...
CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...
Beyond Fixed and Dynamic Prompts: Embedded Jailbreak Templates for Advancing LLM Security
As the use of large language models (LLMs) continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for...
EUVD-2024-31569
Malicious code in bioql PyPI...
The vulnerability of the Ansible configuration management system, related to improper code generation, allows an attacker to execute arbitrary code.
The vulnerability of the Ansible configuration management system is related to incorrect code generation during template processing. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Admin CP configuration module of the MyBB forum creation software allows a hacker to execute arbitrary code.
The vulnerability of the Admin CP module for the MyBB forum creation software is related to improper code generation during template processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Velocity Template Handler component in the Atlassian Jira Server and Data Center processing system lies in errors during template code generation, allowing attackers to execute arbitrary code.
The vulnerability of the Velocity Template Handler component in the Atlassian Jira Server and Data Center processing system is related to errors during the template code generation process. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2022-24881 Command Injection in Ballcat Codegen
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and FreeMarker templates are introduced but...
Nuclei-Burp-Plugin - Nuclei Plugin For BurpSuite
A BurpSuite plugin intended to help with nuclei template generation. Features: Template matcher generation; Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts; Multi-line selections are split to separate words for readability; Binary matchers are...
nuclei-templates
This repository is a collection of templates for the nuclei engine, a tool used to find security vulnerabilities in applications. The templates are used to identify potential vulnerabilities and are contributed by both the project's team and the community. The repository contains various template...
OPENSUSE-SU-2021:3244-1 Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders (bsc#1184222)...
SUSE-SU-2021:3244-1 Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders (bsc#1184222)...
Security update for shibboleth-sp (low)
openSUSE Security Update: Security update for shibboleth-sp. Announcement ID: openSUSE-SU-2021:3244-1. Rating: low. References: 1184222. Affected Products: openSUSE Leap 15.3. An update that contains security fixes can now be installed. Description: This update for shibboleth-sp fixes the following...