23 matches found

NVD
added 2026/04/08 8:16 p.m. | 2 views

CVE-2026-39859

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

CVSS 7.5 | EPSS 0.00021
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/08 7:45 p.m. | 0 views

CVE-2026-39859 LiquidJS has a renderFile() / parseFile() bypass configured root and allow arbitrary file read

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

CVSS 6.3 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 1
CVE
added 2026/04/08 7:45 p.m. | 8 views

CVE-2026-39859

LiquidJS (liquidjs) has a path traversal vulnerability in renderFile()/parseFile() where top-level file loads do not enforce the configured root boundary, allowing access to arbitrary local files when root is empty. Affected versions are before 10.25.3; the issue is fixed in 10.25.3 (per NVD/Red ...

CVSS 7.5 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/04/08 3:4 p.m. | 2 views

GHSA-V273-448J-V4QJ LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

CVSS 6.3 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-31354

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

CVSS 8.7 | AI score 6 | EPSS 0.00021
Exploits: 1 | References: 6
Cvelist
added 2026/02/19 4:36 a.m. | 24 views

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

CVSS 5.3 | EPSS 0.00053
Exploits: 0 | References: 3
RedHat Linux
added 2019/05/29 12:41 p.m. | 3 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 7.5 | AI score 7 | EPSS 0.94318
Exploits: 18 | References: 7
RedHat Linux
added 2019/05/13 9:12 a.m. | 4 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 7.5 | AI score 7 | EPSS 0.94318
Exploits: 18 | References: 7
RedHat Linux
added 2019/05/13 8:53 a.m. | 3 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 7.5 | AI score 7 | EPSS 0.94318
Exploits: 18 | References: 7
RedHat Linux
added 2019/04/23 7:46 a.m. | 3 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 7.5 | AI score 7 | EPSS 0.94318
Exploits: 18 | References: 7
CNVD
added 2019/03/19 12:0 a.m. | 3 views

Ruby on Rails Arbitrary File Read Vulnerability

Ruby on Rails is a very productive, high-maintenance, and easy-to-deploy web development framework developed using Ruby, and is one of the preferred frameworks for web application development worldwide. Ruby on Rai...

CVSS 7.5 | AI score 7 | EPSS 0.94318
Exploits: 18 | References: 1
GithubExploit
added 2019/03/16 11:58 a.m. | 102 views

Exploit for Path Traversal in Rubyonrails Rails

CVE-2019-5418 - File Content Disclosure on Rails EDIT: th...

CVSS 7.8 | AI score 7.2 | EPSS 0.94318
Exploits: 19
Veracode
added 2019/03/14 2:43 a.m. | 28 views

Information Disclosure

actionpack is vulnerable to information disclosure. A remote attacker is able to retrieve arbitrary files on the target server when sending malicious Accept headers that are parsed with render file:...

CVSS 7.5 | AI score 7.2 | EPSS 0.94318
Exploits: 18 | References: 16 | Affected Software: 9
OSV
added 2018/03/05 6:54 p.m. | 3 views

GHSA-6X77-RPQF-J6MW ejs vulnerable to DoS due to weak input validation

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in ejs.renderFile...

CVSS 7.5 | AI score 7.1 | EPSS 0.00913
Exploits: 0 | References: 5
OSV
added 2017/11/17 3:29 a.m. | 1 views

DEBIAN-CVE-2017-1000188

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

CVSS 6.1 | AI score 6.4 | EPSS 0.00234
Exploits: 0 | References: 1
CNVD
added 2017/11/17 12:0 a.m. | 1 views

nodejs ejs cross-site scripting vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A cross-site scripting vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.5. A remote attacker can exploit the vulnerability to inject code...

CVSS 6.1 | AI score 6.3 | EPSS 0.00234
Exploits: 0 | References: 1
CNVD
added 2017/11/17 12:0 a.m. | 1 views

nodejs ejs remote code execution vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...

CVSS 10 | AI score 8.2 | EPSS 0.0718
Exploits: 1 | References: 1
Prion
added 2017/05/17 7:29 p.m. | 14 views

Directory traversal

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...

CVSS 7.5 | AI score 9.3 | EPSS 0.00506
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2017/05/17 7:29 p.m. | 1 views

DEBIAN-CVE-2017-9031

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...

CVSS 9.8 | AI score 9.2 | EPSS 0.00506
Exploits: 0 | References: 1
OSV
added 2017/05/17 7:29 p.m. | 0 views

UBUNTU-CVE-2017-9031

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...

CVSS 9.8 | AI score 7.3 | EPSS 0.00506
Exploits: 0 | References: 4