38 matches found
CVE-2026-24452
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
EUVD-2026-8975
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
CVE-2026-24452
CVE-2026-24452 describes an OS command injection in XWEB Pro ≤ 1.12.1. An authenticated attacker can achieve remote code execution by supplying a crafted template file to the /devices route. The vulnerability is documented across multiple sources (NVD, Red Hat, EUVD/ENISA, CVE list) with consiste...
CVE-2026-24452 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
PT-2026-22274
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists in XWEB Pro, allowing an authenticated attacker to execute code remotely on the system. This is achieved by providing a manipulated template file ...
CVE-2025-64087
A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the template parsing process within the certtool utility. An attacker can cause memory corruption and potentially crash the system by providing a specially crafted template file that triggers an out-of-boun...
CVE-2019-17324
ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request containing ../ sequences. This could lead to the creation of a malicious HTML file, because an attacker can inject content with a crafted template. User interaction is required to exploit this vulnerability ...
CVE-2025-47916
Invision Community 5.0.0–5.0.6 (and up to 5.0.7 fixed) contains an unauthenticated RCE in the themeeditor.php controller, via the customCss() method. The content parameter is passed to Theme::makeProcessFunction(), allowing the template engine to evaluate crafted template expressions, enabling ar...
Atlassian Plugin People Enterprise Mail Handler for Jira Data Center Security Vulnerability
Atlassian Plugin People Enterprise Mail Handler for Jira Data Center is an enterprise message handling plugin from Atlassian Australia. A security vulnerability exists in Atlassian Plugin People Enterprise Mail Handler for Jira Data Center versions prior to 4.1.69-dc. An attacker can exploit this...
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. There is no fix available at the time of publication...
Remote Code Execution
pyloadng is vulnerable to remote code execution (RCE). The vulnerability is due to improper file path handling and template rendering, allowing an authenticated user to upload and execute a crafted template file...
Fortinet FortiManager Security Vulnerability
Fortinet FortiManager is a centralized management appliance that provides a comprehensive network security management solution. A security vulnerability exists in Fortinet FortiManager, which can be exploited by a local attacker to submit a special template request that can be used to execute...
PT-2023-31948 · Idurar · Idurar
Name of the Vulnerable Software and Affected Versions: IDURAR aka idurar-erp-crm versions 2.0.1 and earlier Description: The issue allows stored XSS via a PATCH request with a crafted JSON email template in the "/api/email/update" data. This can be exploited by sending a specially crafted request...
SUSE CVE-2018-17143
The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...