27 matches found
CVE-2026-9498
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9498
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-31733
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9498
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
Dromara Lamp-Cloud 安全漏洞
Dromara Lamp-Cloud is dromara open source based on Jdk11 SpringCloud SpringBoot development of microservices in the backend rapid development platform . Dromara lamp-cloud 5.6.2 and earlier versions of a security vulnerability , the vulnerability stems from the Message Template Handler component ...
PT-2026-43117
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
EUVD-2024-16394
Malicious code in bioql PyPI...
CVE-2025-10707
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...
CVE-2025-10707
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...
CVE-2025-10707
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...
Incorrect User Management
Overview jeecgboot-vue3 is an Agent =============== 当前最新版本: 3.8.1(预计发布时间:2025-04-21) Affected versions of this package are vulnerable to Incorrect User Management via the sendMsg function in the /message/sysMessageTemplate/sendMsg path. An attacker can gain unauthorized access to sensitive...
CVE-2025-10707 JeecgBoot sendMsg improper authorization
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...
JeecgBoot 安全漏洞
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from improper authorization in the file /message/sysMessageTemplate/sendMsg, which could lead to a remote...
PT-2025-38525
Name of the Vulnerable Software and Affected Versions JeecgBoot versions through 3.8.2 Description A weakness exists in JeecgBoot that may lead to improper authorization. The issue affects an unknown function within the /message/sysMessageTemplate/sendMsg file. The exploit for this issue has been...
CVE-2024-0601
A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...
Malicious code in message-template-app (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11384 Malicious code in message-template-app (npm)
--- -= Per source details. Do not edit below this line.=-...
PYSEC-2024-37
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
GHSA-59J8-776V-XXXG NoneBot Potential Information Leak in User-Constructed Message Templates
Impact This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...