CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.0009EPSS

Exploits0References1

PyPA•added last week•2 views

PYSEC-0000-CVE-2026-45017

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1Affected Software1

Cvelist•added last week•23 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

8.2CVSS0.0009EPSS

Exploits0References1

ATTACKERKB•added last week•2 views

CVE-2026-45017

8.2CVSS5.9AI score0.0009EPSS

Exploits0References2Affected Software1

EUVD•added last week•6 views

EUVD-2026-32907

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39696

Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.0 Description The built-in FileSystemLoader and CachingFileSystemLoader do not prevent reading files outside their designated search paths when an absolute path is provided. This allows malicious template...

8.2CVSS5.9AI score0.0009EPSS

Exploits0References5

NVD•added 2026/04/14 2:16 a.m.•3 views

CVE-2026-39425

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...

5.4CVSS0.0004EPSS

Exploits0References2

EUVD•added 2026/03/10 8:25 p.m.•0 views

EUVD-2026-10873

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS5.9AI score0.00021EPSS

Exploits1References4

OSV•added 2026/03/10 8:25 p.m.•2 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

8.7CVSS5.8AI score0.00021EPSS

Exploits1References6

Vulnrichment•added 2026/03/10 8:25 p.m.•1 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

8.7CVSS5.9AI score0.00021EPSS

Exploits1References4

Github Security Blog•added 2026/03/10 1:4 a.m.•3 views

liquidjs has a path traversal fallback vulnerability

Impact The layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the default. This poses a security risk when malicious users are allowed to control the template...

8.7CVSS5.9AI score0.00021EPSS

Exploits1References6Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24182

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.0 Description The layout, render, and include tags are susceptible to arbitrary file access through absolute paths. This can occur when paths are provided as string literals or through Liquid variables,...

8.7CVSS5.9AI score0.00021EPSS

Exploits1References7

CNNVD•added 2026/03/10 12:0 a.m.•2 views

liquidjs 路径遍历漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.0 had a path traversal vulnerability. This vulnerability stems from the layout, render, and include tags allowing access to arbitrary files via absolute...

8.7CVSS5.9AI score0.00021EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by