6 matches found
CVE-2026-48844
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...
EUVD-2026-31717
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...
dynaconf security vulnerability
dynaconf is an open-source Python application configuration management library developed by Dynaconf. Versions of dynaconf prior to 3.2.13 contained security vulnerabilities. These vulnerabilities stemmed from insecure template evaluations in the @Jinja parser, which could lead to server-side...
GHSA-PXRR-HQ57-Q35P dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Summary: Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...
jsonpath security vulnerability
JSONPath is a JSONPath engine developed by David Chester as an individual contributor. There is a security vulnerability in JSONPath, which stems from the insecure evaluation of user-supplied JSON Path expressions. This vulnerability may lead to arbitrary code injection, potentially causing...
CVE-2024-8048
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation...