GHSA-HWG5-X759-7WJG PraisonAI has Template Injection in Agent Tool Definitions

Summary Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details The createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user inpu...

PraisonAI has Template Injection in Agent Tool Definitions

Summary Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details The createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user inpu...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SharpShowTextField component when rendering user-supplied input containing Vue template syntax. An attacker can execute arbitrary JavaScript or inject malicious HTML by submitting specially crafted...

CVE-2025-62798 Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax

Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting XSS vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in & were evaluated by Vue. Thi...

CVE-2025-62798

The CVE-2025-62798 issue affects the code16/sharp package (Sharp) used with Laravel, specifically the SharpShowTextField component. In vulnerable versions prior to 9.11.1, Vue evaluated expressions wrapped in {{ ... }} when rendering content, allowing attacker-controlled input to execute arbitrar...

CVE-2025-62798 Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax

Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting XSS vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in & were evaluated by Vue. Thi...

EUVD-2020-27317

Malware in sbrugna...

WordPress plugin Appointment Booking Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

SRC-2021-0002 : CSCart templates.manage Server Side Template Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CSCart. Authentication is required to exploit this vulnerability with the Files privilege. The specific flaw exists within the templates.manage dispatch method. The issue resul...

CVE-2020-6163

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template in the templates/search/PropertySuggestionsWidget.mustache+dom file...