Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-56663

Name of the Vulnerable Software and Affected Versions ECA: Event - Condition - Action versions 0.0.0 through 2.1.20 ECA: Event - Condition - Action versions 3.0.0 through 3.0.12 ECA: Event - Condition - Action versions 3.1.0 through 3.1.4 Description Improperly controlled modification of...

6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6169

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

7.2CVSS6.7AI score0.00581EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.10 views

GlassFish's gadget handler is vulnerable to RCE

A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...

9.6CVSS6AI score0.00628EPSS
Exploits2References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:54 p.m.4 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00522EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.158 views

📄 WBCE CMS 1.6.5 LFI / Config Disclosure / Cross Site Scripting

The WBCE CMS frontend loader includes template files without sanitization. This allows local file inclusion, reading configuration files, and persistent cross site scripting via crafted templates. Version 1.6.5 is affected...

5.3AI score
Exploits0
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.6 views

Netflix Dispatch 安全漏洞

Netflix Dispatch is a US-based Netflix software that provides deep integration with Slack, GSuite, Jira and other tools and provides security event management. Netflix Dispatch suffers from a security vulnerability that stems from allowing code to be executed within blocks that have not been...

9.4CVSS7.2AI score0.00508EPSS
Exploits0References2
PyPA
PyPA
added 2021/10/14 4:15 p.m.7 views

PYSEC-2021-379

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8CVSS6AI score0.01006EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder