4 matches found
CVE-2026-41901
CVE-2026-41901 (Thymeleaf) describes a security bypass in the expression execution mechanisms of Thymeleaf prior to 3.1.5.RELEASE. In sandboxed contexts, unsanitized variables containing certain expressions could be executed, enabling Server-Side Template Injection (SSTI). The issue is fixed in 3...
GHSA-C9PH-GXWW-7744 Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...
Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...
CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...