12 matches found
CVE-2026-29514
A flaw was found in NetBox. Authenticated users with exporttemplate or configtemplate permissions can exploit a vulnerability in the RenderTemplateMixin.get_environment_params method. By specifying malicious Python code in the environment_params field, attackers can bypass security protections and...
CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin
NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...
CVE-2026-29514 NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin
NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...
PT-2026-36830
Name of the Vulnerable Software and Affected Versions NetBox versions 4.3.5 through 4.5.4 Description An issue in the RenderTemplateMixin.get_environment_params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...
GHSA-R294-2894-92J3 OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering
Summary The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields. Impact Opening a crafted exported HTML session could execute attacker-controlled JavaScript in the viewer context. This can expose session...
Malicious code in coreapi-export-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe86815fc8cb7bbb88f1deeb64b81cd4927a5d42200c02111fcf22b2bd9944a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4048 Malicious code in coreapi-export-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe86815fc8cb7bbb88f1deeb64b81cd4927a5d42200c02111fcf22b2bd9944a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform, which can be exploited to remotely execute code via a PDF export template...
XAMPP 5.6.40 SQL Injection
Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...
Stripo Inc: SSRF in Export template to ActiveCampaign
Summary: I found an SSRF vulnerability in export template to email marketing platform ActiveCampaign. Steps To Reproduce: add details for how we can reproduce the issue 1. Login to your account in 1. Go to https://my.stripo.email/cabinet//templates/ 1. Click on Create your first mail & select one...
Arbitrary File Deletion Vulnerability in LibreHealthIO LH-EHR
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file deletion vulnerability exists in the export template in the LibreHealthIO LH-EHR REL-2.0.0 release. An attacker can exploit this vulnerability to cause a denial of servic...
Arbitrary File Write Vulnerability in LibreHealthIO LH-EHR
LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the export template in the LibreHealthIO LH-EHR REL-2.0.0 release. An attacker can exploit this vulnerability to write files with malicious...