17 matches found
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Summary: The CVE placeholder CVE-2026-34726 is related to a real vulnerability in Copier (GHSA-85V3-4M8G-HRH6) where the _subdirectory setting accepts parent-directory traversal (e.g., ..) and can escape the template root. This allows a template to render files from the parent directory instead o...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2025-68077
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through = 9.14.1...
EUVD-2025-203541
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through = 9.14.1...
CVE-2025-68077 WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through = 9.14.1...
WordPress plugin Stockholm 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-51457
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through = 9.14.1...
WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Stockholm versions = 9.14.1...
CVE-2024-21989
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges...
NetApp ONTAP Select Deploy administration utility 安全漏洞
NetApp ONTAP Select Deploy administration utility is an administration utility for deploying and managing ONTAP Select clusters from Network Appliance NetApp. A security vulnerability exists in NetApp ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x , and 9.14.1.x that stems...
PT-2024-19141 · Netapp · Ontap Select Deploy Administration Utility
Name of the Vulnerable Software and Affected Versions: ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x Description: The issue allows a read-only user to escalate their privileges when successfully exploited. Recommendations: For versions 9.12.1.x, consider...