44 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: velocity-tools (UTSA-2026-016718)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016718 advisory. The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an X...

CVSS 6.1 | AI score 6.8 | EPSS 0.03207 | Exploits 0 | References 4

IBM Security Bulletins
added 2026/04/29 9:8 a.m. | 2 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Velocity

Summary: A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details: CVEID: CVE-2020-13936. DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run...

CVSS 9 | AI score 7.1 | EPSS 0.16764 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/04/20 9:3 p.m. | 3 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache-Velocity library

Summary: Vulnerabilities have been identified in Apache-Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management. Vulnerability Details: CVEID: CVE-2020-13936. DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java cod...

CVSS 9 | AI score 6.1 | EPSS 0.16764 | Exploits 0 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-0652

Malware in sbrugna...

CVSS 6.1 | AI score 6.4 | EPSS 0.03207 | Exploits 0 | References 13

RedhatCVE
added 2025/08/22 12:22 a.m. | 8 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

CVSS 8.8 | AI score 8 | EPSS 0.03653 | Exploits 1 | References 1

Tenable Nessus
added 2025/04/17 12:0 a.m. | 43 views

Oracle WebLogic Server (April 2025 CPU)

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Apache...

CVSS 9 | AI score 6.8 | EPSS 0.16764 | Exploits 0 | References 3

IBM Security Bulletins
added 2024/06/26 10:47 a.m. | 25 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Velocity

Summary: A vulnerability has been identified in Apache Velocity, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details: CVEID: CVE-2020-13936. DESCRIPTION: Apache Velocity could all...

CVSS 9 | AI score 9.2 | EPSS 0.16764 | Exploits 0 | Affected Software 1

OpenVAS
added 2024/03/08 12:0 a.m. | 15 views

Fedora: Security Advisory for plexus-velocity (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.45835 | Exploits 3 | References 2

Fedora
added 2024/03/07 10:33 p.m. | 13 views

[SECURITY] Fedora 40 Update: plexus-velocity-2.0-6.fc40

This package provides Plexus Velocity component - a wrapper for Apache Velocity template engine, which allows easy use of Velocity by applications built on top of Plexus container...

CVSS 8.8 | AI score 6.8 | EPSS 0.45835 | Exploits 3

IBM Security Bulletins
added 2023/11/17 11:49 p.m. | 61 views

Security Bulletin: IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and denial of service due to CVEs in Apache Velocity, Apache Jena, and XStream (woodstox)

Summary: IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in Apache Velocity, Apache Jena, and XStream (woodstox). The flaws can lead to arbitrary code execution, sensitive information disclosure, and denial of...

CVSS 9.8 | AI score 9.7 | EPSS 0.16764 | Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2023/09/01 4:32 p.m. | 41 views

Security Bulletin: IBM Match 360 is affected due to a denial of service due to vulnerability in Apache Velocity Engine [CVE-2020-13936]

Summary: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running...

CVSS 9 | AI score 9.1 | EPSS 0.16764 | Exploits 0 | Affected Software 1

Ubuntu
added 2023/08/10 3:24 p.m. | 57 views

USN-6282-1: Velocity Tools vulnerability

Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...

CVSS 6.1 | AI score 6.9 | EPSS 0.03207 | Exploits 0

Tenable Nessus
added 2023/08/10 12:0 a.m. | 26 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Velocity Engine vulnerability (USN-6281-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6281-1 advisory. Alvaro Munoz discovered that Velocity Engine incorrectly handled certain inputs. If a user or an automated system were tricked into openin...

CVSS 9 | AI score 7.4 | EPSS 0.16764 | Exploits 0 | References 2

Tenable Nessus
added 2023/08/10 12:0 a.m. | 25 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Velocity Tools vulnerability (USN-6282-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6282-1 advisory. Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into openin...

CVSS 6.1 | AI score 7.3 | EPSS 0.03207 | Exploits 0 | References 2

Tenable Nessus
added 2022/10/20 12:0 a.m. | 40 views

Oracle Primavera Unifier (Oct 2022 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management (Apache Solr). Supported...

CVSS 9.8 | AI score 6.5 | EPSS 0.16764 | Exploits 4 | References 8

OSV
added 2022/01/06 8:32 p.m. | 2 views

GHSA-59J4-WJWP-MW9M Sandbox Bypass in Apache Velocity Engine

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...

CVSS 8.8 | AI score 7.1 | EPSS 0.16764 | Exploits 0 | References 26

Github Security Blog
added 2022/01/06 8:32 p.m. | 194 views

Sandbox Bypass in Apache Velocity Engine

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...

CVSS 9 | AI score 6.8 | EPSS 0.16764 | Exploits 0 | References 26 | Affected Software 2

Tenable Nessus
added 2021/10/29 12:0 a.m. | 44 views

GLSA-202107-52 : Apache Velocity: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202107-52 (Apache Velocity: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Apache Velocity. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...

CVSS 9 | AI score 6.8 | EPSS 0.16764 | Exploits 0 | References 3

OpenVAS
added 2021/09/15 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for velocity (EulerOS-SA-2021-2437)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9 | AI score 8.8 | EPSS 0.16764 | Exploits 0 | References 2

Gentoo Linux
added 2021/07/23 12:0 a.m. | 76 views

Apache Velocity: Multiple vulnerabilities

Background: Apache Velocity is a general purpose template engine. Description: Multiple vulnerabilities have been discovered in Apache Velocity. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no...

CVSS 9 | AI score 3.1 | EPSS 0.16764 | Exploits 0