20 matches found

RedhatCVE
added 2026/04/27 7:23 p.m. · 0 views

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8 CVSS · 4.8 AI score · 0.0002 EPSS
Exploits 0 · References 1

Github Security Blog
added 2026/04/25 6:32 p.m. · 3 views

AstrBot has Incomplete Filtering of Special Elements

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8 CVSS · 5.5 AI score · 0.0002 EPSS
Exploits 0 · References 7 · Affected Software 1

ATTACKERKB
added 2026/04/25 3:30 p.m. · 1 view

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8 CVSS · 4.8 AI score · 0.0002 EPSS
Exploits 0 · References 5 · Affected Software 1

CVE
added 2026/04/25 3:30 p.m. · 7 views

CVE-2026-6984

AstrBotDevs AstrBot up to version 4.22.1 contains a vulnerability in the Dashboard API, specifically in the create_template function (astrbot/dashboard/routes/t2i.py). The issue is improper neutralization of special elements used in the template engine, enabling remote execution. Public exploit i...

5.8 CVSS · 4.9 AI score · 0.0002 EPSS
Exploits 0 · References 5

CNNVD
added 2026/04/25 12:00 a.m. · 4 views

AstrBot Security Vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a security vulnerability. This vulnerability stemmed from an issue in the createtemplate function within the Dashboard API’s routes/t2i.py file, wher...

5.8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 2

NVD
added 2026/01/07 12:16 p.m. · 1 view

CVE-2025-14059

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...

6.5 CVSS · 0.00043 EPSS
Exploits 0 · References 3

CNNVD
added 2026/01/07 12:00 a.m. · 1 view

WordPress plugin EmailKit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

6.5 CVSS · 6.6 AI score · 0.00043 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-53591

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00215 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/08 4:33 a.m. · 6 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

9.8 CVSS · 6.8 AI score · 0.00215 EPSS
Exploits 1 · References 1

NVD
added 2025/02/03 8:15 p.m. · 8 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

9.8 CVSS · 0.00215 EPSS
Exploits 1 · References 1

OSV
added 2025/02/03 8:15 p.m. · 2 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Vulnrichment
added 2025/02/03 12:00 a.m. · 6 views

CVE-2024-57450

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...

9.6 AI score · 0.00215 EPSS
Exploits 1 · References 1

CNNVD
added 2025/02/03 12:00 a.m. · 2 views

ChestnutCMS Security Vulnerability

ChestnutCMS is an enterprise-level content management system with separated front end and back end, by individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and prior versions, which stems from the ability to upload files via the Create Template feature...

9.8 CVSS · 6.7 AI score · 0.00215 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/02/03 12:00 a.m. · 4 views

PT-2025-3447 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions 1.5.0 and earlier Description: The issue allows for File Upload via the Create template function. Recommendations: For ChestnutCMS versions 1.5.0 and earlier, update to a version that fixes this issue. At the moment, ther...

9.8 CVSS · 6.9 AI score · 0.00215 EPSS
Exploits 1 · References 4

OSV
added 2023/10/17 5:15 a.m. · 2 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

4.3 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 0 · References 1

NVD
added 2023/10/17 5:15 a.m. · 7 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

5 CVSS · 4.8 AI score · 0.00079 EPSS
Exploits 0 · References 1

Prion
added 2023/10/17 4:15 a.m. · 14 views

Path traversal

Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive...

4 CVSS · 6.2 AI score · 0.00089 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/10/17 4:00 a.m. · 10 views

CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

5 CVSS · 5.2 AI score · 0.00079 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/10/16 12:00 a.m. · 3 views

PT-2023-24737 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to perform arbitrary system commands with 'NT Authority\SYSTEM' privilege via a crafted ZIP archive. This is due to an unrestricted...

9.9 CVSS · 8.3 AI score · 0.00293 EPSS
Exploits 0 · References 5

CNNVD
added 2023/10/11 12:00 a.m. · 1 view

Github Cachet Injection Vulnerability

Github Cachet is a software application, an open source status page system. An injection vulnerability exists in versions of Cachet prior to 2.4 that stems from poor filtering and older Twig versions, allowing users to execute arbitrary code via the Create Template feature...

9.1 CVSS · 8 AI score · 0.18169 EPSS
Exploits 1 · References 3