CVE-2026-38930

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...

Arbitrary File Upload

net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in the /ms/template/writeFileContent.do component, which allows an attacker to upload arbitrary files and potentially execute malicious code on the server...

CVE-2024-33854

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23...

CVE-2023-29048

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...

Golang < 1.19.9 / 1.20.x < 1.20.4 Multiple Vulnerabilities

The version of Golang Go installed on the remote host is affected by multiple vulnerabilities the html/template component: - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in...

GHSA-73WX-RPJ3-MX46 Path traversal in MCMS

MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do...

rConfig 安全漏洞

rConfig is an open source web configuration management utility. rConfig version 3.9.6 contains a security vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php, which can be exploited by attackers to execute arbitrary code via specially crafted files...

CVE-2021-2289

Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite component: Template, GTIN search. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2021-2190

Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite component: Template. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales...

CVE-2021-2189

Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite component: Template. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP, including ERP Enterprise Resource Planning, HR Human Resource Management, CRM Customer Relationship Management, and so on, a collection of management software, is a seamless integration of a management suite.Oracle Sales...