Lucene search
K

110 matches found

OSV
OSV
added 2025/12/15 12:0 a.m.4 views

CVE-2025-66434

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

8.8CVSS7.3AI score0.00516EPSS
Exploits1References4
Veracode
Veracode
added 2025/10/27 1:58 p.m.6 views

Cross-site Scripting

dotnetnuke.core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/10/17 7:15 p.m.7 views

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

9.8CVSS0.00594EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0861

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00589EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-0746

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00602EPSS
Exploits0References5
CVE
CVE
added 2025/09/25 12:0 a.m.15 views

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
OSV
OSV
added 2025/09/23 5:42 p.m.5 views

CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References3
Veracode
Veracode
added 2025/09/08 8:49 a.m.7 views

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to malicious JavaScript being allowed in the Alert Template creation feature, which executes when the template is rendered...

5.5CVSS6AI score0.00817EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-14802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad 0.5.0 through 0.9.4 fixed in 0.9.5 reveals unintended environment variables to the rendering task during template rendering, aka...

5.3CVSS5.6AI score0.00589EPSS
Exploits0References2
CVE
CVE
added 2025/08/18 4:36 p.m.18 views

CVE-2025-55214

CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...

6.9CVSS7.2AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2025/08/18 4:21 p.m.26 views

CVE-2025-55201

CVE-2025-55201 concerns the Copier library/CLI used for rendering project templates. Prior to version 9.9.1, the template rendering context exposes certain pathlib.Path objects in Jinja with unconstrained I/O methods, enabling a safe template to read and write arbitrary files on the filesystem an...

8.5CVSS6.6AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.16 views

Copier 路径遍历漏洞

Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References3
Veracode
Veracode
added 2025/07/16 5:19 a.m.5 views

Server-side Template Injection

binarytorch/larecipe is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to improper handling of user input in template rendering, which allows an attacker to inject malicious templates and potentially achieve Remote Code Execution RCE in vulnerable server configuration...

10CVSS7AI score0.09357EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/28 12:0 a.m.8 views

The vulnerability of the include() function in Twig template rendering handlers allows attackers to circumvent existing security restrictions.

The vulnerability of the include function in Twig template rendering engines is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...

8.6CVSS7.7AI score0.00833EPSS
Exploits0References7Affected Software4
Ubuntu
Ubuntu
added 2024/08/08 7:21 p.m.38 views

USN-6948-1: Salt vulnerabilities

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...

9.8CVSS7.3AI score0.99585EPSS
Exploits13
OSV
OSV
added 2024/08/08 7:21 p.m.5 views

USN-6948-1 salt vulnerabilities

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...

9.8CVSS6.9AI score0.99585EPSS
Exploits13References13
Tenable Nessus
Tenable Nessus
added 2024/08/08 12:0 a.m.38 views

Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-6948-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6948-1 advisory. It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary...

9.8CVSS7.5AI score0.99585EPSS
Exploits13References13
VulnCheck KEV
VulnCheck KEV
added 2024/05/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-6623

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks...

9.8CVSS7.3AI score0.50673EPSS
Exploits2References1
Veracode
Veracode
added 2024/04/25 5:33 a.m.29 views

Remote Code Execution

pyloadng is vulnerable to remote code execution RCE. The vulnerability is due to improper file path handling and template rendering, allowing an authenticated user to upload and execute a crafted template file...

9.1CVSS7.6AI score0.01354EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/03/15 9:30 p.m.2 views

GHSA-2RQ5-699J-X7P6 Arbitrary local file read vulnerability during template rendering

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags...

7.5CVSS6AI score0.01042EPSS
Exploits1References2
Rows per page
Query Builder