45 matches found
CVE-2026-40477 Improper restriction of the scope of accessible objects in Thymeleaf expressions
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
EUVD-2007-5213
Malware in sbrugna...
EUVD-2010-2514
Malware in sbrugna...
EUVD-2010-2513
Malware in sbrugna...
EUVD-2025-31716
Malicious code in bioql PyPI...
CVE-2019-15774
creationtimestamp | type | source
---|---|---
2025-09-18 11:49:49+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-15774.yaml
2025-09-19 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6srwr52d...
Improper handling of JavaScript whitespace in html/template
...
CVE-2010-2509
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php...
CVE-2010-2510
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter...
Malicious code in ort-web-template (npm)
Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...
MAL-2025-4044 Malicious code in ort-web-template (npm)
Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...
CVE-2022-36093
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
MAL-2024-151 Malicious code in california-state-web-template-react (npm)
Source: ossf-package-analysis 91a0432190eb409c84a7c6bf3c06b34d9b7c4571be93f31b3635a925f4a4099e The OpenSSF Package Analysis project identified 'california-state-web-template-react' @ 9.2.1 npm as malicious. It is considered malicious...
Malicious code in california-state-web-template-react (npm)
Source: ossf-package-analysis 91a0432190eb409c84a7c6bf3c06b34d9b7c4571be93f31b3635a925f4a4099e The OpenSSF Package Analysis project identified 'california-state-web-template-react' @ 9.2.1 npm as malicious. It is considered malicious...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as JavaScript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
EARCLINK ESPCMS security vulnerability
Honghu Erchuang Netlink Information Technology EARCLINK ESPCMS is an enterprise website building system of China Honghu Erchuang Netlink Information Technology Company. A security vulnerability exists in EARCLINK ESPCMS P8, which was discovered via the fetchfilename function in...
Malicious code in misk-web-tab-template-basic (npm)
Source: ghsa-malware af5ad7e61d179d5150addce9f3bd9838c06999a4f076ed576677b36505796638 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...