CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

52 matches found

RedhatCVE•added 2025/12/17 8:7 a.m.•7 views

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

7.2CVSS6.9AI score0.02229EPSS

Exploits4References1

EUVD•added 2025/12/15 12:30 a.m.•6 views

EUVD-2025-203312

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

7.2CVSS6.3AI score0.02229EPSS

Exploits4References2

OSV•added 2025/12/15 12:30 a.m.•0 views

GHSA-45H5-66JX-R2WF MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

4.5CVSS5.9AI score0.02229EPSS

Exploits4References4

vulnersOsv•added 2025/12/15 12:30 a.m.•2 views

@27works/posto (>=2.0.0 <=2.0.2), @abdul778/page-editor (>=0.1.0 <=0.41.0) +599 more potentially affected by CVE-2020-12827 +1 more via mjml (>=0.1.0 <=4.18.0)

mjml NPM version =0.1.0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.122, =0.16.9, =1.0.4, =1.0.0, =2.0.0, =12.5.0, =2.2.7-bb.3, =0.0.2, =0.4.3 and more Source cves: CVE-2020-12827, CVE-2025-67898 Source advisory: OSV:GHSA-45H5-66JX-R2WF...

7.2CVSS7.1AI score0.02229EPSS

Exploits4

Github Security Blog•added 2025/12/15 12:30 a.m.•11 views

MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

7.2CVSS6.9AI score0.02229EPSS

Exploits4References4Affected Software1

Snyk•added 2025/12/14 10:39 p.m.•2 views

Directory Traversal

Overview mjml-core is a mjml-core Affected versions of this package are vulnerable to Directory Traversal via the ignoreIncludes parameter, which still defaults to false. An attacker can access arbitrary files by supplying crafted input that causes traversal outside the intended directory. Detail...

7.2CVSS7.5AI score0.0001EPSS

Exploits3References2

vulnersOsv•added 2025/12/14 10:39 p.m.•2 views

@27works/posto (>=2.0.0 <=2.0.2), @abc45676/mailer (=1.0.0) +771 more potentially affected by CVE-2025-67898 via mjml-core (>=2.3.3 <=5.2.0)

mjml-core NPM version =2.3.3, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.122, =0.16.9, =1.0.4, =1.0.0, =0.0.1, =0.0.10, =1.0.0, =0.0.1, =0.0.3, =1.0.1, =1.0.6 and more Source cves: CVE-2025-67898 Source advisory: SNYK:JS-MJMLCORE-14417285...

4.5CVSS5.8AI score0.0001EPSS

Exploits3

Snyk•added 2025/12/14 10:39 p.m.•1 views

Directory Traversal

Overview org.webjars.npm:mjml-core is a mjml-core Affected versions of this package are vulnerable to Directory Traversal via the ignoreIncludes parameter, which still defaults to false. An attacker can access arbitrary files by supplying crafted input that causes traversal outside the intended...

7.2CVSS6.4AI score0.0001EPSS

Exploits3References2

NVD•added 2025/12/14 10:15 p.m.•6 views

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

4.5CVSS0.0001EPSS

Exploits3References1

OSV•added 2025/12/14 10:15 p.m.•7 views

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

4.5CVSS6.8AI score

Exploits0References1

CVE•added 2025/12/14 10:1 p.m.•11 views

CVE-2025-67898

CVE-2025-67898 affects MJML up to version 4.18.0, where the mj-include directive allows directory traversal to test file existence and, in type="css" cases, read files. The issue arises from an incomplete fix related to CVE-2020-12827. Several connected sources corroborate the exact behavior (dir...

4.5CVSS6.5AI score0.0001EPSS

Exploits3References1

Vulnrichment•added 2025/12/14 10:1 p.m.•5 views

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

4.5CVSS6.5AI score0.0001EPSS

Exploits3References1

Cvelist•added 2025/12/14 10:1 p.m.•19 views

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

4.5CVSS0.0001EPSS

Exploits3References1

CNNVD•added 2025/12/14 12:0 a.m.•4 views

Mailjet MJML 安全漏洞

Mailjet MJML is a responsive email framework from the French company Mailjet. A security vulnerability exists in Mailjet MJML version 4.18.0 and earlier, which stems from mj-include allowing directory traversal, which could lead to testing for file existence and reading files...

4.5CVSS6.3AI score0.0001EPSS

Exploits3References1

Positive Technologies•added 2025/12/14 12:0 a.m.•2 views

PT-2025-51175

Name of the Vulnerable Software and Affected Versions MJML versions through 4.18.0 Description The software contains a directory traversal flaw within the mj-include functionality. This allows an attacker to check for the existence of files and, in cases where the type is set to "css", read files...

4.5CVSS7.3AI score0.0001EPSS

Exploits3References5

EUVD•added 2025/10/03 8:7 p.m.•12 views

EUVD-2022-2384

Malicious code in bioql PyPI...

7.2CVSS7.2AI score0.02229EPSS

Exploits4References10

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-0518

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.01071EPSS

Exploits1References7