6 matches found
CVE-2026-34587 Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...
GHSA-P75G-CXFJ-7WRX Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro
Summary: If untrusted user input is used to dynamically create a PebbleTemplate with the method PebbleEngine#getLiteralTemplate, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of...
Django Input Validation Error Vulnerability
Django is the Django Foundation's open source, Python-based web application framework. The framework includes an object-oriented mapper, view system, template system, etc. A security vulnerability exists in Django versions 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1...
Advisory ROSA-SA-2021-1942
Software: orca 3.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-9298 CVE-Crit: HIGH CVE-DESC: The Spinnaker template resolution feature is vulnerable to server-side request forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker, potentially exposing sensitive data. CVE-STATUS:...
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker, potentially leading to sensitive data disclosure...
CVE-2020-9298
CVE-2020-9298 concerns the Spinnaker template resolution feature, which is vulnerable to Server-Side Request Forgery (SSRF). The provided connected documents confirm that the vulnerability affects the Spinnaker template resolution functionality, enabling an attacker to send requests on behalf of...