374 matches found
beets 跨站脚本漏洞
Beets is an open-source music collection management and metadata optimization tool developed by Beetbox. Versions of Beets prior to 2.10.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web UI’s use of the Underscore template interpolation pattern for handling...
GHSA-3GXM-WFJX-M847 beets has a Cross-site Scripting vulnerability
During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...
beets has a Cross-site Scripting vulnerability
During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
PT-2026-37153
Name of the Vulnerable Software and Affected Versions i18next-fs-backend versions prior to 2.6.4 Description i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath and addPath templates to read or write files from the disk. Because this interpolation is...
PT-2026-34548
Name of the Vulnerable Software and Affected Versions Frappe version 16.10.10 Description An authenticated attacker can store a crafted tag value in user tags to trigger JavaScript execution when a victim opens the list or report view where tags are rendered. This occurs because the renderer...
EUVD-2026-23992
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values...
SUSE CVE-2026-40527
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
CVE-2026-40527
A flaw was found in radare2. A remote attacker can exploit this by crafting an ELF Executable and Linkable Format binary that embeds malicious commands within its DWARF Debugging With Attributed Record Formats parameter names. When radare2 analyzes such a binary, these embedded commands are...
CVE-2026-40527
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
October Rain has Environment Variable Exfiltration via INI Parser Interpolation
A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parseinistring function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APPKEY, $DBPASSWORD, or similar patterns into CMS page settings fields,...
EUVD-2026-19724
Emissary has Stored XSS via Navigation Template Link Injection...
PYSEC-2026-158
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation
Vulnerability Details CWE: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic All 66+ CQL queries in internal/storage/db/cassandradb/ use fmt.Sprintf to interpolate user-controlled values directly into CQL query strings without parameterization. Unauthenticated endpoints...
CVE-2026-35043
CVE-2026-35043 affects BentoML prior to 1.4.38. The cloud deployment path in bentoml/_internal/cloud/deployment.py interpolates system_packages directly into a shell command in the generated setup.sh, enabling remote code execution on the CI/CD cloud build infrastructure during deployment. The is...
GHSA-GJW9-34GF-RP6M Budibase: Command Injection in Bash Automation Step
Location: packages/server/src/automations/steps/bash.ts Description The bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...
Budibase: Command Injection in Bash Automation Step
Location: packages/server/src/automations/steps/bash.ts Description The bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...
CVE-2026-25044
Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...
CVE-2026-25044 Budibase: Command Injection in Bash Automation Step
Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...
EUVD-2026-18380
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory...