
9 matches found

CVE
added 2026/06/22 3:18 p.m., 15 views

CVE-2026-52725

Angular CVE-2026-52725 concerns an issue in the @angular/core dynamic component creation flow. The vulnerability allows bypassing script-execution restrictions by mounting a dynamic component directly onto a <script> tag or namespaced script element when a user-controlled host/selector is suppli...

CVSS 6.1 | AI score 6 | EPSS 0.00238
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/06/22 3:11 p.m., 41 views

CVE-2026-50557

CVE-2026-50557 concerns Angular’s template sanitization bypass via namespace handling in @angular/compiler and @angular/core. The issue allows namespaced elements (e.g., svg:script or ) to escape script-element recognition and for security context attribute mappings to bypass runtime/compile-time...

CVSS 6.1 | AI score 5.8 | EPSS 0.00206
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2026/02/03 7:22 p.m., 14 views

HtmlSanitizer has a bypass via template tag

Impact: If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVSS 6.3 | AI score 5.4 | EPSS 0.00241
Exploits 0 | References 8 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-2720

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.01666
Exploits 0 | References 5
CNNVD
added 2024/12/09 12:0 a.m., 4 views

Winter Security Vulnerability

Winter is a free and open source content management system based on the Laravel PHP framework by Winter Open Source. A security vulnerability exists in Winter versions prior to 1.2.7, 1.1.11, and 1.0.476, which stems from a user being able to bypass the sandboxing restriction of Twig files by...

CVSS 8.4 | AI score 6.3 | EPSS 0.00397
Exploits 0 | References 2
Positive Technologies
added 2024/09/09 12:0 a.m., 4 views

PT-2024-31614

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.44.8; Twig versions prior to 2.16.1; Twig versions prior to 3.14.0. Description: Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox...

CVSS 8.6 | AI score 7.2 | EPSS 0.00826
Exploits 0 | References 42
CNNVD
added 2024/07/12 12:0 a.m., 3 views

SeaCMS Security Vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 12.9, which stems from the fact that although admintemplate.php imposes certain...

CVSS 8.8 | AI score 7.7 | EPSS 0.01264
Exploits 1 | References 2
OSV
added 2022/09/08 5:25 p.m., 27 views

CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

CVSS 8.5 | AI score 6.8 | EPSS 0.00662
Exploits 0 | References 5
OSV
added 2019/03/15 3:29 a.m., 5 views

CVE-2019-9829

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...

CVSS 8.8 | AI score 7.6 | EPSS 0.02035
Exploits 1 | References 1