Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 7:30 p.m.2 views

CVE-2026-35525 LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for % include %, % render %, and % layout %, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not...

8.2CVSS5.9AI score0.00396EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/08 3:3 p.m.2 views

EUVD-2026-20594

LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates...

8.2CVSS5.9AI score0.00396EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2019/12/10 3:34 p.m.63 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

9CVSS7.3AI score0.63917EPSS
Exploits10References5
RedHat Linux
RedHat Linux
added 2019/11/06 4:45 p.m.32 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

9CVSS7.3AI score0.63917EPSS
Exploits10References5
Rows per page
Query Builder