6 matches found
EUVD-2025-203397
An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66435
An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66435
An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
PT-2025-51252
An SSTI Server-Side Template Injection vulnerability exists in the get dunning letter text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates body text using frappe.render template with a user-supplied context doc. Although Frappe uses a custom...
Remote Code Execution
Picklescan is vulnerable to Remote Code Execution. The vulnerability is due to improper restriction of dangerous globals, allowing an attacker to craft a malicious model that executes pip.main to install and execute malicious packages...
Js-X-Ray - JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)
JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting th...