3357 matches found

CVE · added 2025/01/24 4:52 p.m. · 70 views

CVE-2025-24359

CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(fstring =val)). This can allow an attacker who controls input to bypass restrictions and execu...

CVSS 8.4 · AI score 8.7 · EPSS 0.00219 · Exploits 0 · References 3

Ubuntu · added 2025/01/23 10:22 a.m. · 6 views

USN-7205-2: Django vulnerability

USN-7205-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that Django incorrectly handled certain IPv6 strings. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.01854 · Exploits 0

Cvelist · added 2025/01/13 7:36 p.m. · 15 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 · EPSS 0.00285 · Exploits 0 · References 3

Vulnrichment · added 2025/01/13 7:36 p.m. · 13 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 · AI score 6.7 · EPSS 0.00285 · Exploits 0 · References 3

CVE · added 2025/01/13 7:36 p.m. · 34 views

CVE-2025-23026

Summary: CVE-2025-23026 affects jte (Java Template Engine)

CVSS 6.1 · AI score 6.2 · EPSS 0.00285 · Exploits 0 · References 3

OSV · added 2025/01/13 7:36 p.m. · 4 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 · AI score 6.8 · EPSS 0.00285 · Exploits 0 · References 5

OSV · added 2025/01/13 4:57 p.m. · 1 view

GHSA-VH22-6C6H-RM8Q jte's HTML templates containing Javascript template strings are subject to XSS

Summary: Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details: The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...

CVSS 6.1 · AI score 5.9 · EPSS 0.00285 · Exploits 0 · References 6

Github Security Blog · added 2025/01/13 4:57 p.m. · 18 views

jte's HTML templates containing Javascript template strings are subject to XSS

Summary: Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details: The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...

CVSS 6.1 · AI score 6 · EPSS 0.00285 · Exploits 0 · References 6 · Affected Software 2

Positive Technologies · added 2025/01/13 12:00 a.m. · 4 views

PT-2025-4773 · Jte · Jte

Name of the Vulnerable Software and Affected Versions: jte Java Template Engine versions 3.1.15 and earlier. Description: The issue affects Jte HTML templates with script tags or script attributes that include a Javascript template string backticks, making them subject to XSS. The javaScriptBlock...

CVSS 6.1 · AI score 7 · EPSS 0.00285 · Exploits 0 · References 10

Debian · added 2025/01/11 12:59 p.m. · 8 views

[SECURITY] [DLA 4010-1] python-django security update

Debian LTS Advisory DLA-4010-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 10, 2025 https://wiki.debian.org/LTS -...

CVSS 5.5 · AI score 7.2 · EPSS 0.00737 · Exploits 0

OSV · added 2025/01/06 1:36 p.m. · 10 views

MAL-2025-21 Malicious code in tree-sitter-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbacf70d3997892f49d729cbc0db29837ec65744402a0ae0c62460813e7f254f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7 · Exploits 0 · References 1

OSSF Malicious Packages · added 2025/01/06 1:36 p.m. · 4 views

Malicious code in tree-sitter-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbacf70d3997892f49d729cbc0db29837ec65744402a0ae0c62460813e7f254f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8 · Exploits 0 · References 1

CVE · added 2024/12/24 3:25 a.m. · 72 views

CVE-2024-9427

Koji contains an XSS vulnerability (CVE-2024-9427) due to unsanitized input that can reflect JavaScript from a malicious link in the web page. The description notes that existing XSS protections in the code are expected to prevent submitting actions or changes. The connected sources confirm this ...

CVSS 5.4 · AI score 5.3 · EPSS 0.00285 · Exploits 0 · References 2

Microsoft CVE · added 2024/12/20 12:00 a.m. · 3 views

CVE-2024-53899

...

CVSS 8.4 · AI score 7.2 · EPSS 0.01526 · Exploits 1

RedHat Linux · added 2024/12/16 8:11 a.m. · 1 view

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...

CVSS 8.4 · AI score 5.7 · EPSS 0.01526 · Exploits 1 · References 7

RedHat Linux · added 2024/12/16 7:24 a.m. · 4 views

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...

CVSS 8.4 · AI score 5.7 · EPSS 0.01526 · Exploits 1 · References 7

Tenable Nessus · added 2024/12/12 12:00 a.m. · 7 views

Fedora 41 : python3.9 (2024-47e4624c89)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-47e4624c89 advisory. Python 3.9.21 security release. Security content in this release: - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to...

CVSS 7.8 · AI score 7 · EPSS 0.00647 · Exploits 0 · References 2

Positive Technologies · added 2024/12/10 12:00 a.m. · 2 views

PT-2024-41090 · Git +1 · Shaderc

Name of the Vulnerable Software and Affected Versions: glslang, affected versions not specified. Description: The software contains a heap-buffer-overflow read issue. The crash occurs during the parseShaderStrings function within the glslang::HlslParseContext. This function is called by...

AI score 6.8 · Exploits 0 · References 2

CNNVD · added 2024/12/04 12:00 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an undefined behavior issue in the vdpa driver due to strings being allocated on the stack, as these strings...

CVSS 7.8 · AI score 7.7 · EPSS 0.0021 · Exploits 0 · References 3

Tenable Nessus · added 2024/12/04 12:00 a.m. · 10 views

Cisco IP Phone 7920 SNMP Information Disclosure (CVE-2005-3803)

Cisco IP Phone VoIP 7920 1.08 contains certain hard-coded fixed public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...

CVSS 7.5 · AI score 5.5 · EPSS 0.02146 · Exploits 0 · References 3