CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

62 matches found

NVD•added 2026/05/13 9:16 p.m.•6 views

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS0.00057EPSS

Exploits0References1

EUVD•added 2026/05/13 8:43 p.m.•5 views

EUVD-2026-30176

9.1CVSS6.1AI score0.00057EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 8:36 p.m.•4 views

CVE-2026-44377

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00191EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/13 8:36 p.m.•5 views

EUVD-2026-30165

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00191EPSS

Exploits0References2

GithubExploit•added 2026/04/23 9:0 a.m.•129 views

tecno_xss_hotfix

tecnoxsshotfix Security hotfix module for PrestaShop — patc...

5.8AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-4789

Malware in sbrugna...

7.5CVSS6AI score0.01407EPSS

Exploits0References13

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-0924

Malicious code in bioql PyPI...

7.1CVSS6.8AI score0.01189EPSS

Exploits0References11

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-0443

Malicious code in bioql PyPI...

8.8CVSS6.2AI score0.0047EPSS

Exploits0References16

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-0423

Malicious code in bioql PyPI...

8.8CVSS6.2AI score0.00643EPSS

Exploits0References18

Tenable Nessus•added 2025/08/27 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-35226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could...

7.3CVSS7.2AI score0.00279EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 8:39 p.m.•1 views

CVE-2021-26119

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode...

7.5CVSS6.5AI score0.62613EPSS

Exploits1References1

OSV•added 2025/03/27 6:53 p.m.•0 views

USN-7377-1 smarty vulnerability

It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.3CVSS5.9AI score0.00279EPSS

Exploits0References2

OSV•added 2024/05/28 9:16 p.m.•0 views

UBUNTU-CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

7.3CVSS5.9AI score0.00279EPSS

Exploits0References7

OSV•added 2024/02/12 10:15 p.m.•1 views

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

9.8CVSS6AI score0.00093EPSS

Exploits1References1

CNNVD•added 2024/02/12 12:0 a.m.•2 views

Gambio Code Issue Vulnerability

Gambio is an all-in-one e-commerce solution from Gambio, Inc. A code issue vulnerability exists in Gambio 4.9.2.0 and prior versions that stems from allowing an attacker to run arbitrary code via a crafted smarty email template...

9.8CVSS7.3AI score0.00093EPSS

Exploits1References2

Tenable Nessus•added 2023/04/13 12:0 a.m.•31 views

Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...

8.8CVSS7AI score0.25501EPSS

Exploits1References2

OSV•added 2023/03/28 9:15 p.m.•1 views

DEBIAN-CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

6.1CVSS7.3AI score0.01189EPSS

Exploits0References1

Prion•added 2023/03/28 9:15 p.m.•31 views

Design/Logic Flaw

5.8CVSS6.4AI score0.01189EPSS

Exploits0References5Affected Software2

Positive Technologies•added 2023/03/28 12:0 a.m.•4 views

PT-2023-21728

Name of the Vulnerable Software and Affected Versions Smarty versions prior to 3.1.48 Smarty versions prior to 4.3.1 Description The issue is related to improper escaping of JavaScript code in the Smarty template engine for PHP. An attacker could exploit this to execute arbitrary JavaScript code ...

7.1CVSS7.1AI score0.01189EPSS

Exploits0References42

CNNVD•added 2022/09/14 12:0 a.m.•1 views

Smarty 跨站脚本漏洞

Smarty is a PHP-based template engine that facilitates the separation of representations HTML/CSS from application logic. A security vulnerability exists in Smarty versions prior to 3.1.47, and 4.x versions prior to 4.2.1, which stems from the discovery of a cross-site scripting vulnerability...

5.4CVSS5.4AI score0.00629EPSS

Exploits1References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by