Lucene search
K

23 matches found

OSV
OSV
added last week4 views

CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS6.1AI score0.00384EPSS
Exploits0References6
OSV
OSV
added 2026/05/18 12:0 a.m.12 views

ALSA-2026:18030 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 10:15 p.m.6 views

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

6.2AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.7 views

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6CVSS6.1AI score0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 9:53 a.m.3 views

CVE-2025-46699

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

6.5CVSS5.5AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 9:53 a.m.32 views

CVE-2025-46699

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

4.3CVSS0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.8 views

CVE-2022-0896

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3...

8.8CVSS6.6AI score0.01388EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/11 10:7 p.m.4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview fof/pretty-mail is a Create HTML email for Flarum Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

8.6CVSS7AI score0.00504EPSS
Exploits0References2
OSV
OSV
added 2025/11/20 12:0 a.m.4 views

CVE-2025-63888

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...

9.8CVSS7.9AI score0.00506EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46004

Malicious code in bioql PyPI...

9.1CVSS8.7AI score0.01105EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 8:15 a.m.4 views

CVE-2025-53194

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through = 3.7.0...

8.5CVSS0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.12 views

CVE-2025-53194 WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through = 3.7.0...

8.5CVSS0.00347EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 3:15 p.m.4 views

CVE-2025-23376

Dell PowerProtect Data Manager Reporting, versions 19.16, 19.17, 19.18, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure...

4.4CVSS5.8AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/28 2:34 p.m.34 views

CVE-2025-23376

Dell PowerProtect Data Manager Reporting, versions 19.16, 19.17, 19.18, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure...

2.3CVSS0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/15 2:53 a.m.17 views

CVE-2025-26865

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only...

3.5CVSS6.8AI score0.00623EPSS
Exploits0References1
CVE
CVE
added 2025/03/10 2:1 p.m.116 views

CVE-2025-26865

CVE-2025-26865 affects Apache OFBiz 18.12.17 through 18.12.18, due to improper neutralization of special elements in the template engine. It's a regression between 18.12.17 (safe) and 18.12.18 (patched). Affected component is the template engine in OFBiz; Red Hat, CNVD, OSV, NVD, and CVE lists de...

3.5CVSS7.1AI score0.00623EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/11/14 5:23 p.m.6 views

CVE-2024-52393 WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability

Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through = 4.1.15...

9.1CVSS7.2AI score0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.4 views

PT-2024-35231 · Unknown · Podlove Podcast Publisher

Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher versions through 4.1.15 Description: The issue is related to an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. This vulnerability allows for remote attacks due to flaws in the...

9.1CVSS9.3AI score0.00518EPSS
Exploits0References7
OSV
OSV
added 2024/10/16 1:15 p.m.7 views

CVE-2024-49271

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows : Command Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a...

7.2CVSS5.8AI score0.01114EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.6 views

WordPress plugin Unlimited Elements For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.1CVSS6.6AI score0.01114EPSS
Exploits0References2
Rows per page
Query Builder