22 matches found

Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-50162

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description Caddy is an extensible server platform that uses TLS by default. The stripHTML template function, specifically within the funcStripHTML function, cannot reliably remove all HTML tags from input string...

CVSS 4.2 | AI score 6 | EPSS 0.00153
Exploits 1 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2021-30809

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.9 | EPSS 0.04117
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 10:21 a.m. | 5 views

CVE-2024-7093

Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then...

CVSS 9.4 | AI score 7.5 | EPSS 0.00508
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:33 p.m. | 7 views

CVE-2020-25093

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel...

CVSS 6.1 | AI score 6.1 | EPSS 0.00679
Exploits 0

Debian CVE
added 2025/02/12 12:0 a.m. | 11 views

CVE-2025-26520

Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...

CVSS 9.8 | AI score 7.6 | EPSS 0.00447
Exploits 0

Cvelist
added 2025/02/07 10:11 a.m. | 17 views

CVE-2025-25106 WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through = 2.0.0...

CVSS 9.6 | EPSS 0.00218
Exploits 0 | References 1

CNNVD
added 2024/11/28 12:0 a.m. | 5 views

WordPress plugin Royal Elementor Addons and Templates security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 8.3 | EPSS 0.00377
Exploits 0 | References 2

BDU FSTEC
added 2024/10/18 12:0 a.m. | 4 views

The vulnerability of the Layout Templates component of the Oracle BI Publisher software allows a malicious individual to gain access to, modify, or delete data.

The vulnerability of the Layout Templates component in the Oracle BI Publisher reporting software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read access, modify data, or even delete data...

CVSS 8 | AI score 7.6 | EPSS 0.00426
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2024/06/07 12:0 a.m. | 3 views

WordPress plugin Royal Elementor Addons and Templates security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4 | AI score 6.1 | EPSS 0.00314
Exploits 0 | References 4

CNNVD
added 2024/05/16 12:0 a.m. | 2 views

WordPress plugin Royal Elementor Addons and Templates security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 | AI score 5.9 | EPSS 0.00283
Exploits 0 | References 3

ATTACKERKB
added 2024/05/03 3:15 a.m. | 4 views

CVE-2023-42089

Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 4.9 | EPSS 0.00464
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2024/01/16 12:0 a.m. | 5 views

WordPress plugin Royal Elementor Addons and Templates security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

CVSS 7.5 | AI score 6.8 | EPSS 0.0071
Exploits 2 | References 2

BDU FSTEC
added 2023/10/21 12:0 a.m. | 7 views

The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system allows a hacker to execute arbitrary code by loading a specially created file.

The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by downloading ...

CVSS 10 | AI score 8.2 | EPSS 0.81695
Exploits 18 | References 6 | Affected Software 1

Vulnrichment
added 2023/03/15 12:0 a.m. | 10 views

CVE-2023-25345

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags...

AI score 7.5 | EPSS 0.01042
Exploits 1 | References 1

Vulnrichment
added 2023/03/15 12:0 a.m. | 5 views

CVE-2023-25344

An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function...

AI score 9.7 | EPSS 0.01028
Exploits 1 | References 2

CNNVD
added 2023/03/15 12:0 a.m. | 3 views

swig security vulnerability

swig is a JavaScript template engine open-sourced by node-swig. A security vulnerability exists in swig-templates thru version 2.0.4 and swig thru version 1.4.2, which originated from a vulnerability that allows an attacker to execute arbitrary code via a crafted Object.prototype anonymous functi...

CVSS 9.8 | AI score 8.9 | EPSS 0.01028
Exploits 1 | References 3

vulnersOsv
added 2023/02/02 1:23 p.m. | 5 views

1095h-cli (=1.0.1), 5coder-pages (=0.2.0) +548 more potentially affected by CVE-2023-25345 via swig-templates (>=2.0.2 <=2.0.3)

swig-templates NPM version =2.0.2, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.0.1-alpha.0 and more Source cves: CVE-2023-25345 Source advisory: SNYK:JS-SWIGTEMPLATES-3266805...

CVSS 7.5 | AI score 7.1 | EPSS 0.01042
Exploits 1

Vulnrichment
added 2022/12/14 8:17 a.m. | 7 views

CVE-2022-3073 Quanos Schema ST4 example templates prone to XSS

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 6.1 | AI score 6.5 | EPSS 0.00454
Exploits 0 | References 1

BDU FSTEC
added 2021/01/20 12:0 a.m. | 6 views

The vulnerability of the standard library of Windows operating system templates allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of the standard library of Windows operating system templates is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.00799
Exploits 0 | References 2

Atlassian
added 2020/04/20 6:2 a.m. | 38 views

Improper authorization on /rest/project-templates/1.0/createshared endpoint - CVE-2020-4029

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project names via an improper authorization vulnerability in the /rest/project-templates/1.0/createshared endpoint API endpoint. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 8.8.0 ≤ version...

CVSS 4.3 | AI score 7.8 | EPSS 0.01448
Exploits 0