Lucene search
K

792 matches found

CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 12:0 a.m.11 views

ALSA-2026:18030 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 9:16 a.m.23 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS0.00232EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 8:0 a.m.10 views

CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 8:0 a.m.19 views

EUVD-2026-30689

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 8:0 a.m.21 views

CVE-2026-8740

CVE-2026-8740 affects Sanluan PublicCMS 5.202506.d; the issue lies in TemplateResultDirective.java (TemplateResult API), where manipulating the templateContent argument during execution leads to improper neutralization of special template engine elements. This enables a remote attack, and exploit...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 8:0 a.m.47 views

CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS0.00232EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 9:16 p.m.10 views

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 8:36 p.m.9 views

EUVD-2026-30165

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/09 4:3 a.m.5 views

CVE-2026-41311

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript he...

7.5CVSS5.7AI score0.00382EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/08 8:36 p.m.11 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview banks is an A prompt programming language Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Prompt process. An attacker can execute arbitrary code on the host system by supplying specially crafted template...

7.7CVSS6.2AI score0.00539EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 10:15 p.m.5 views

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

6.2AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/05 10:15 p.m.8 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the FreemarkerEngine.parse function. An attacker can execute arbitrary commands on the server by injecting malicious template code that leverages unrestricted cla...

7.5CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/05/05 10:15 p.m.6 views

GHSA-MGGX-P7JF-JGW4 jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

7.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2026/05/05 6:33 p.m.7 views

EUVD-2026-27404

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References2
NVD
NVD
added 2026/05/05 5:17 p.m.5 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

6.1CVSS0.00175EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.4 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.38 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

0.00175EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.7 views

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS4.8AI score0.00299EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/25 6:32 p.m.8 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the createtemplate function of the Dashboard API. An attacker can access sensitive information, modify data, or disrupt...

5.8CVSS5.8AI score0.00299EPSS
Exploits0References3
Rows per page
Query Builder