Lucene search
+L

300 matches found

nvd
nvd
added last week5 views

CVE-2026-55865

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS0.00451EPSS
Exploits0References3
cvelist
cvelist
added last week33 views

CVE-2026-55865 Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS0.00451EPSS
Exploits0References3
attackerkb
attackerkb
added last week7 views

CVE-2026-55865

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS6AI score0.00451EPSS
Exploits0References4Affected Software1
cve
cve
added last week15 views

CVE-2026-55865

CVE-2026-55865 concerns the Python Liquid template engine. Before version 2.2.1, a malformed {% case %} tag without a corresponding {% when %} or {% else %} and without a terminating {% endcase %} could cause an infinite loop during parsing, due to an incorrect EOF token handling in liquid.TokenS...

7.1CVSS6AI score0.00451EPSS
Exploits0References3
osv
osv
added last week3 views

CVE-2026-55865 Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS6.1AI score0.00451EPSS
Exploits0References5
osv
osv
added 2026/06/26 9:2 p.m.3 views

GHSA-6Q7J-XR26-3H2C Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)

Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...

6.9CVSS6.1AI score
Exploits0References2
osv
osv
added 2026/06/19 8:46 p.m.6 views

GHSA-VQ2F-VCC9-J8MV Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...

5.3CVSS5.8AI score0.00451EPSS
Exploits0References2
snyk
snyk
added 2026/06/19 8:46 p.m.5 views

Infinite loop

Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Infinite loop in the % case % tag parsing logic, caused by an incorrect definition of the EOF token's kind and value in the TokenStream.eof attribute. A user who can...

7.1CVSS5.8AI score0.00451EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 11:17 p.m.14 views

CVE-2026-44644

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

6.1CVSS0.00203EPSS
Exploits0References3
cve
cve
added 2026/06/16 9:4 a.m.48 views

CVE-2026-49772

CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...

9.3CVSS5.6AI score0.00229EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:18 p.m.16 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.6AI score0.00335EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40780

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS5.4AI score0.00267EPSS
Exploits0References1
nvd
nvd
added 2026/06/02 4:16 p.m.15 views

CVE-2026-40780

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS0.00267EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/02 3:7 p.m.8 views

CVE-2026-40780

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References2
euvd
euvd
added 2026/06/02 3:7 p.m.10 views

EUVD-2026-33948

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.17 views

PT-2026-45779

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.25 views

PT-2026-45465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References2
nvd
nvd
added 2026/05/28 4:16 p.m.28 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2026/05/28 4:16 p.m.6 views

blrec (>=1.8.0 <=2.0.0b5), dagster-looker (>=0.26.6 <=0.29.8) +6 more potentially affected by CVE-2026-45017 via python-liquid (>=1.10.2 <=2.0.2)

python-liquid PYPI version =1.10.2, =1.8.0, =0.26.6, =0.8.0, =0.1.1, =0.1.0, =0.1.0, =0.4.0, =0.0.1, =0.3.0 Source cves: CVE-2026-45017 Source advisory: OSV:PYSEC-2026-192...

8.2CVSS5.7AI score0.00335EPSS
Exploits0
pypa
pypa
added 2026/05/28 4:16 p.m.9 views

PYSEC-0000-CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder