Lucene search
K

4 matches found

CVE
CVE
added 2026/05/12 10:35 p.m.14 views

CVE-2026-41901

CVE-2026-41901 (Thymeleaf) describes a security bypass in the expression execution mechanisms of Thymeleaf prior to 3.1.5.RELEASE. In sandboxed contexts, unsanitized variables containing certain expressions could be executed, enabling Server-Side Template Injection (SSTI). The issue is fixed in 3...

9CVSS5.9AI score0.00427EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 9:15 p.m.9 views

GHSA-C9PH-GXWW-7744 Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns

Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...

9CVSS5.8AI score0.00427EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/04 9:15 p.m.10 views

Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns

Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...

9CVSS5.8AI score0.00427EPSS
Exploits0References3Affected Software3
Debian CVE
Debian CVE
added 2026/04/06 3:16 p.m.4 views

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

8.2CVSS6.1AI score0.0047EPSS
Exploits0
Rows per page
Query Builder