7 matches found
PT-2026-56663
Name of the Vulnerable Software and Affected Versions ECA: Event - Condition - Action versions 0.0.0 through 2.1.20 ECA: Event - Condition - Action versions 3.0.0 through 3.0.12 ECA: Event - Condition - Action versions 3.1.0 through 3.1.4 Description Improperly controlled modification of...
CVE-2026-6169
The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...
GlassFish's gadget handler is vulnerable to RCE
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-39980
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...
📄 WBCE CMS 1.6.5 LFI / Config Disclosure / Cross Site Scripting
The WBCE CMS frontend loader includes template files without sanitization. This allows local file inclusion, reading configuration files, and persistent cross site scripting via crafted templates. Version 1.6.5 is affected...
Netflix Dispatch 安全漏洞
Netflix Dispatch is a US-based Netflix software that provides deep integration with Slack, GSuite, Jira and other tools and provides security event management. Netflix Dispatch suffers from a security vulnerability that stems from allowing code to be executed within blocks that have not been...
PYSEC-2021-379
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...