CVE-2026-29514

A flaw was found in NetBox. Authenticated users with exporttemplate or configtemplate permissions can exploit a vulnerability in the RenderTemplateMixin.getenvironmentparams method. By specifying malicious Python code in the environmentparams field, attackers can bypass security protections and...

CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.getenvironmentparams method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

NetBox 安全漏洞

NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management IPAM and data center infrastructure management DCIM. There were security vulnerabilities in versions 4.3.5 to 4.5.4 of NetBox. These vulnerabilities stemmed from remote code execution in...

PT-2026-36830

Name of the Vulnerable Software and Affected Versions NetBox versions 4.3.5 through 4.5.4 Description An issue in the RenderTemplateMixin.get environment params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...

CVE-2025-15172

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit ha...

CVE-2025-15172 SohuTV CacheCloud RedisConfigTemplateController.java preview cross site scripting

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit ha...

CVE-2025-15172 SohuTV CacheCloud RedisConfigTemplateController.java preview cross site scripting

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit ha...

CVE-2025-15172

The CVE-2025-15172 entry concerns SohuTV CacheCloud

SUSE-SU-2019:1862-1 Security update for ardana and crowbar

This update for ardana and crowbar fixes the following issues: - Restrict rootwrap directories for cinder bsc1132542 - Change Cinder default log level from DEBUG to INFO SCRD-7132 - Remove configuration from migration bsc1126391 - Configurable innodb flush options SCRD-7496 - Secure designate's...

CVE-2018-19465

Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...