29 matches found

Github Security Blog
added 2026/05/27 6:24 p.m. · 7 views

LiquidJS is Vulnerable to Remote Code Execution

Summary: It is possible to execute arbitrary code with crafted templates. Details: 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...

AI score 6.2
Exploits 0 · References 3 · Affected Software 1
RedHat Linux
added 2026/05/26 7:37 a.m. · 8 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVSS 8.1 · AI score 6.3 · EPSS 0.00048
Exploits 0 · References 5
RedHat Linux
added 2026/05/26 7:22 a.m. · 12 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVSS 8.1 · AI score 6.3 · EPSS 0.00048
Exploits 0 · References 5
RedHat Linux
added 2026/05/26 5:33 a.m. · 11 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVSS 8.1 · AI score 6.3 · EPSS 0.00048
Exploits 0 · References 5
RedHat Linux
added 2026/05/18 12:50 p.m. · 7 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVSS 8.1 · AI score 6.3 · EPSS 0.00048
Exploits 0 · References 5
Tenable Nessus
added 2026/05/08 12:00 a.m. · 4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Dynaconf vulnerability (USN-8231-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8231-1 advisory. It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could...

CVSS 8.1 · AI score 6.1 · EPSS 0.00024
Exploits 1 · References 2
OSV
added 2026/05/06 9:06 a.m. · 1 view

USN-8231-1 python-dynaconf vulnerability

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.1 · AI score 6.1 · EPSS 0.00024
Exploits 1 · References 2
Ubuntu
added 2026/05/06 9:06 a.m. · 3 views

USN-8231-1: Dynaconf vulnerability

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.1 · AI score 6.1 · EPSS 0.00024
Exploits 1
Positive Technologies
added 2026/05/06 12:00 a.m. · 5 views

PT-2026-38540

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.1 · AI score 6.1 · EPSS 0.00024
Exploits 1 · References 3
Github Security Blog
added 2026/03/24 10:16 p.m. · 3 views

Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation

Summary: Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls (LimitToString, LoopLimit) do not protect these paths, giving...

AI score 6
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/03/20 8:22 p.m. · 19 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 7.5 · EPSS 0.00024
Exploits 1 · References 3
OSV
added 2026/03/20 8:22 p.m. · 0 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 7.5 · AI score 5.8 · EPSS 0.00024
Exploits 1 · References 5
Vulnrichment
added 2026/03/20 8:22 p.m. · 0 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

CVSS 7.5 · AI score 5.7 · EPSS 0.00024
Exploits 1 · References 3
Tenable Nessus
added 2026/02/24 12:00 a.m. · 3 views

Metabase < 0.57.13 / 0.58.x < 0.58.7 / 1.x < 1.57.13 / 1.58.x < 1.58.7 Information Disclosure

The version of Metabase installed on the remote host is prior to 0.57.13, 0.58.x prior to 0.58.7, 1.x prior to 1.57.13, or 1.58.x prior to 1.58.7. It is, therefore, affected by an information disclosure vulnerability: authenticated users are able to retrieve sensitive information from a Metabas...

CVSS 7.7 · AI score 5.9 · EPSS 0.00049
Exploits 0 · References 2
RedhatCVE
added 2026/02/23 1:30 p.m. · 1 view

CVE-2026-27464

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...

CVSS 7.7 · AI score 5.2 · EPSS 0.00049
Exploits 0 · References 1
NVD
added 2026/02/21 8:16 a.m. · 2 views

CVE-2026-27464

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...

CVSS 7.7 · EPSS 0.00049
Exploits 0 · References 3
OSV
added 2026/02/21 7:57 a.m. · 4 views

CVE-2026-27464 Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...

CVSS 7.7 · AI score 5.5 · EPSS 0.00049
Exploits 0 · References 5
CNNVD
added 2026/02/21 12:00 a.m. · 4 views

Metabase security vulnerability

Metabase is an open-source data analysis platform developed by the American company Metabase. Versions of Metabase prior to 0.57.13 and 0.58.6 contain security vulnerabilities. These vulnerabilities stem from improper template evaluation, which may allow low-privilege users to extract sensitive...

CVSS 7.7 · AI score 5.8 · EPSS 0.00049
Exploits 0 · References 3
CVE
added 2026/02/16 10:16 a.m. · 5 views

CVE-2026-2452

The CVE-2026-2452 issue affects pretix email templates where placeholders are used to inject data. A security bug allowed exfiltration of sensitive information from the system configuration via specially crafted placeholder names (for example {{event.init .code .co_filename}}), enabling an attack...

CVSS 9 · AI score 5.6 · EPSS 0.00048
Exploits 0 · References 1 · Affected Software 2
RedhatCVE
added 2025/02/26 9:20 p.m. · 4 views

CVE-2025-27137

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEMCONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...

CVSS 4.4 · AI score 4.6 · EPSS 0.00026
Exploits 0 · References 1