25 matches found
Unity Linux 20.1050e / 20.1070e Security Update: python-jinja2 (UTSA-2026-017331)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017331 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that...
CVE-2025-12107
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...
CVE-2025-12107
CVE-2025-12107 involves a vulnerable Velocity template engine. It allows a malicious actor with admin privilege to inject and execute arbitrary template code in server-side templates, potentially leading to remote code execution, data manipulation, or unauthorized access. CVSS 3.1 base score is 1...
Server-Side Template Injection (SSTI)
net.mingsoft, ms-mcms is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of user-supplied input in the Template Management module, which allows an attacker to inject and execute arbitrary template code on the server...
EUVD-2025-199631
Contao is vulnerable to cross-site scripting in templates...
CVE-2025-36461
Dell ControlVault3 and Dell ControlVault3 Plus are affected by multiple out-of-bounds read/write vulnerabilities in the ControlVault WBDI Driver Broadcom Storage Adapter. A crafted WinBioControlUnit call, using ControlCode WBIO_USH_GET_TEMPLATE (and related codes), can trigger memory corruption o...
EUVD-2022-2995
Malicious code in bioql PyPI...
CommScope Ruckus Unleashed and CommScope Ruckus ZoneDirector Security Vulnerability
CommScope Ruckus Unleashed and CommScope Ruckus ZoneDirector are both wireless routers from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed versions prior to 200.14.6.1.203 and CommScope Ruckus ZoneDirector, which stems from a path traversal flaw that could lead to th...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: pyspur is a Graph UI for building AI Agents in Python. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the SingleLLMCallNode function. An attacker can execute unauthorized template code and potential...
AZL-54660 CVE-2024-56201 affecting package python-jinja2 for versions less than 3.1.2-2
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. To exploit the vulnerability...
Remote Code Execution (RCE)
nautobot is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sandboxing of environments for the Jinja2 template engine when used internally for template rendering for objects like extras.ComputedField, extras.CustomLink, extras.ExportTemplate, extras.Secret and...
Nautobot Security Vulnerability
Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 1.5.7, which can be exploited by an attacker to conduct a potential remote code execution attack via maliciously crafted template code...
SUSE CVE-2017-9347
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID...
SUSE CVE-2018-13982
SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
GHSA-7GFX-WXFH-7RVM Smarty Path Traversal Vulnerability
SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
The templating library used by the scaffolder backend assumes that templates are trusted, which is an undesired property of the scaffolder-backend. This has now been mitigated by sandboxing the template code execution. Impact: A malicious actor with write access to a registered scaffolder template...
MGASA-2018-0403 Updated php-smarty packages fix security vulnerability
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982)...
Updated php-smarty packages fix security vulnerability
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982)...
openSUSE Security Update : php5-smarty3 (openSUSE-2018-1052)
This update for php5-smarty3 fixes the following issues: CVE-2018-16381: Prevent traversal vulnerability due to insufficient template code sanitization that allowed attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
openSUSE: Security Advisory for php5-smarty3 (openSUSE-SU-2018:2859-1)
The remote host is missing an update for the...