Lucene search
K

6 matches found

EUVD
EUVD
added 2025/12/15 6:30 p.m.5 views

EUVD-2025-203397

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7AI score0.00507EPSS
Exploits1References3
OSV
OSV
added 2025/12/15 5:15 p.m.3 views

CVE-2025-66435

An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS7.3AI score
Exploits0References2
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.26 views

CVE-2025-66435

An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

0.00289EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51252

An SSTI Server-Side Template Injection vulnerability exists in the get dunning letter text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates body text using frappe.render template with a user-supplied context doc. Although Frappe uses a custom...

7.5AI score0.00507EPSS
Exploits1References3
Veracode
Veracode
added 2025/03/07 5:27 a.m.13 views

Remote Code Execution

Picklescan is vulnerable to Remote Code Execution. The vulnerability is due to improper restriction of dangerous globals, allowing an attacker to craft a malicious model that executes pip.main to install and execute malicious packages...

9.8CVSS7.6AI score0.01592EPSS
Exploits4References8Affected Software1
Kitploit
Kitploit
added 2020/12/07 11:30 a.m.50 views

Js-X-Ray - JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting th...

7.2AI score
Exploits0References3
Rows per page
Query Builder