14 matches found
PT-2026-21846
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 1.2.3 Description: InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom...
CVE-2024-43405
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...
GHSA-7H5P-MMPP-HGMM Nuclei Template Signature Verification Bypass
Summary: A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component: The vulnerability is present in the template signature...
OS Command Injection
Nuclei is vulnerable to OS Command Injection. The vulnerability is due to the -code option in code templates, allowing users to edit and execute workflow files in some web applications, leading to arbitrary command execution...
PT-2024-28959 · Nuclei · Nuclei
Name of the Vulnerable Software and Affected Versions: Nuclei versions prior to 3.3.0 Description: A way to execute code templates without the -code option and signature has been discovered in Nuclei. This issue affects some web applications that inherit from Nuclei and allow users to edit and...
Arbitrary Code Execution
github.com/projectdiscovery/nuclei is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of signed workflows within the parseWorkflowTemplate function in workflows.go, which allows the execution of unsigned code templates through workflows...
CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
CVE-2022-47896
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks...
CVE-2022-47896
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks...
Code injection
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks...
CVE-2022-47896
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks...
CVE-2022-47896
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks...
JetBrains IntelliJ IDEA Code Injection Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3.1, which stems from a code template that is susceptible to SSTI attacks...
Android Studio - The official Android IDE
Android Studio is the official IDE for Android application development, based on IntelliJ IDEA. On top of the capabilities you expect from IntelliJ, Android Studio offers: Flexible Gradle-based build system; Build variants and multiple apk file generation; Code templates to help you build common ap...