CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploits0References1Affected Software1

Cvelist•added last week•23 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

8.2CVSS0.0009EPSS

Exploits0References1

ATTACKERKB•added last week•2 views

CVE-2026-45017

Exploits0References2Affected Software1

CVE•added last week•8 views

CVE-2026-45017

CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...

Exploits0References1Affected Software1

EUVD•added last week•6 views

EUVD-2026-32907

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

Exploits0References1

PT-2026-39696

Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.0 Description The built-in FileSystemLoader and CachingFileSystemLoader do not prevent reading files outside their designated search paths when an absolute path is provided. This allows malicious template...

Cvelist•added 2026/03/27 2:50 p.m.•19 views

Exploits0References5

CVE-2026-4980 Improper Restriction of XML External Entity Reference in Inkscape

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS0.00041EPSS

Exploits1References2

NVD•added 2026/03/25 11:17 p.m.•1 views

CVE-2026-33913

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7CVSS0.0007EPSS

Exploits1References3

NVD•added 2026/03/10 9:16 p.m.•0 views

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS0.00021EPSS

EUVD•added 2026/03/10 8:25 p.m.•0 views

EUVD-2026-10873

OSV•added 2026/03/10 8:25 p.m.•2 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

8.7CVSS5.8AI score0.00021EPSS

Exploits1References6

Vulnrichment•added 2026/03/10 8:25 p.m.•1 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

Github Security Blog•added 2026/03/10 1:4 a.m.•3 views

liquidjs has a path traversal fallback vulnerability

Impact The layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the default. This poses a security risk when malicious users are allowed to control the template...

Exploits1References6Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24182

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.0 Description The layout, render, and include tags are susceptible to arbitrary file access through absolute paths. This can occur when paths are provided as string literals or through Liquid variables,...

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Exploits1References7

liquidjs 路径遍历漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.0 had a path traversal vulnerability. This vulnerability stems from the layout, render, and include tags allowing access to arbitrary files via absolute...