121 matches found

Nuclei
added 16 hours ago | 225 views

Node.js Embedded JavaScript 3.1.6 - Template Injection

Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. id:...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.93462
Exploits: 5 | References: 5
Nuclei
added 16 hours ago | 896 views

Embedded JavaScript(EJS) 3.1.6 - Template Injection

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. id: CVE-2023-29827 info: name: Embedded JavaScript(EJS) 3.1.6 - Template Injection author:...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.6627
Exploits: 1 | References: 3
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in node-ejs

The ejs (also known as Embedded JavaScript templates) package in Node.js before version 3.1.10 lacked certain measures to prevent pollution...

CVSS: 4 | AI score: 6.4 | EPSS: 0.0154
Exploits: 1 | References: 2
Cvelist
added 2026/05/11 9:32 a.m. | 32 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

CVSS: 8.6 | EPSS: 0.00061
Exploits: 0 | References: 2
GithubExploit
added 2026/04/12 1:24 p.m. | 70 views

Exploit for Code Injection in Ejs

No d...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.93462
Exploits: 5
ATTACKERKB
added 2026/04/09 4:54 p.m. | 1 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

CVSS: 9.1 | AI score: 6 | EPSS: 0.00046
Exploits: 0 | References: 3 | Affected Software: 1
IBM Security Bulletins
added 2025/12/23 2:49 p.m. | 2 views

Security Bulletin: Multiple open source vulnerabilities affect IBM Db2 Big SQL on Cloud Pak for Data

Summary Multiple open source vulnerabilities affect IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.02199
Exploits: 3 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-0340

Malware in sbrugna...

CVSS: 10 | AI score: 9.3 | EPSS: 0.0718
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-0173

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00913
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-0347

Malware in sbrugna...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00234
Exploits: 0 | References: 6
GithubExploit
added 2025/09/16 8:28 a.m. | 166 views

Exploit for CVE-2025-27210

This is a PoC exploit for CVE-2025-27210, a vulnerability in a N...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.07725
Exploits: 5
Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-29827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.6627
Exploits: 1 | References: 2
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-19278 Malicious code in ejs-client (npm)

The package ejs-client was found to contain malicious code...

AI score: 7.2
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 1 views

Malicious code in ejs-client (npm)

The package ejs-client was found to contain malicious code...

AI score: 7
Exploits: 0
OSV
added 2025/07/21 3:15 p.m. | 2 views

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

CVSS: 9.8 | AI score: 6.1
Exploits: 0 | References: 2
NVD
added 2025/07/21 3:15 p.m. | 5 views

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

CVSS: 9.8 | EPSS: 0.04806
Exploits: 1 | References: 2
Cvelist
added 2025/07/21 12:0 a.m. | 8 views

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

EPSS: 0.04806
Exploits: 1 | References: 2
CVE
added 2025/07/21 12:0 a.m. | 21 views

CVE-2025-46120

The CVE-2025-46120 entry affects CommScope Ruckus Unleashed (before 200.15.6.212.27 and 200.18.7.1.323) and Ruckus ZoneDirector (before 10.5.1.0.282). A path-traversal flaw in the web interface allows an attacker who can upload a template (e.g., via FTP) to have the server execute attacker-suppli...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.04806
Exploits: 1 | References: 2 | Affected Software: 2
IBM Security Bulletins
added 2025/06/17 8:17 a.m. | 16 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Prototype Pollution due to ejs package (CVE-2024-33883)

Summary Potential vulnerabilities in the ejs package have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-33883 DESCRIPTION: The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection. CWE:CWE-693:...

CVSS: 4 | AI score: 4.5 | EPSS: 0.0154
Exploits: 1 | Affected Software: 1
RedhatCVE
added 2025/05/23 10:21 a.m. | 5 views

CVE-2024-33883

The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection...

CVSS: 4 | AI score: 4.2 | EPSS: 0.0154
Exploits: 1 | References: 1