CVE-2026-38432
ERPNext v15.103.1 and earlier is vulnerable to Cross-Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that is executed in the victim's browser when the template is applied...
CVE-2026-22692
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect helper were not properly restricted, allowing...
Exploit for CVE-2026-22692
CVE-2026-22692: Critical Twig Sandbox Bypass via collect-ma...
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
An SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allows template...
CVE-2025-4655
CVE-2025-4655 is an SSRF vulnerability in FreeMarker templates that affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.5, 2024.Q4.0–2024.Q4.7, 2024.Q3.1–2024.Q3.13, 2024.Q2.0–2024.Q2.13, 2024.Q1.1–2024.Q1.15, and 7.4 GA through update 92. The issue allows template editors to...
Alfresco Software Alfresco Enterprise and Alfresco Injection Vulnerabilities
Alfresco Software Alfresco Enterprise is the enterprise version of an enterprise content management system from Alfresco Software. The system includes document management, office collaboration, etc. Alfresco is an open source enterprise content management system. The platform page using Freemarke...