Lucene search
+L

31 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Symlink Attack

Overview github.com/go-gitea/gitea/modules/util is a Git with a cup of tea, painless self-hosted git service. Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.9 views

CVE-2026-25718

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00428EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.3 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References1
NVD
NVD
added 2026/04/10 8:16 p.m.4 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS0.00285EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/10 7:17 p.m.20 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS0.00285EPSS
Exploits1References2
CVE
CVE
added 2026/04/10 7:17 p.m.13 views

CVE-2026-32252

CVE-2026-32252 – Chartbrew : A cross-tenant authorization bypass exists in GET /team/:team_id/template/generate/:project_id prior to 4.9.0. The handler calls checkAccess(req, "updateAny", "chart") without awaiting the promise and does not verify the project_id belongs to the caller’s team. As a r...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 7:17 p.m.5 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/10 7:17 p.m.4 views

EUVD-2026-21553

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:17 p.m.2 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32028

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team id/template/generate/:project id. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.6 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS7.1AI score0.01294EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/17 12:0 a.m.11 views

Beyond Fixed and Dynamic Prompts: Embedded Jailbreak Templates for Advancing LLM Security

As the use of large language models LLMs continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for...

7.3AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31569

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00454EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.8 views

The vulnerability of the Ansible configuration management system, related to improper code generation, allows a attacker to execute arbitrary code.

The vulnerability of the Ansible configuration management system is related to incorrect code generation during template processing. Exploiting this vulnerability allows an attacker to execute arbitrary code...

6.6CVSS7.4AI score0.00539EPSS
Exploits0References7Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/09/21 12:0 a.m.7 views

The vulnerability of the Admin CP configuration module of the MyBB forum creation software allows a hacker to execute arbitrary code.

The vulnerability of the Admin CP module for the MyBB forum creation software is related to improper code generation during template processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.6AI score0.01641EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/03 12:0 a.m.9 views

The vulnerability of the Velocity Template Handler component in the Atlassian Jira Server and Data Center processing system lies in errors during template code generation, allowing attackers to execute arbitrary code.

The vulnerability of the Velocity Template Handler component in the Atlassian Jira Server and Data Center processing system is related to errors during the template code generation process. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

8.3CVSS7.5AI score0.44604EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/26 4:6 p.m.34 views

CVE-2022-24881 Command Injection in Ballcat Codegen

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...

8.8CVSS9.5AI score0.02995EPSS
Exploits1References5
Kitploit
Kitploit
added 2022/03/19 8:30 p.m.40 views

Nuclei-Burp-Plugin - Nuclei Plugin For BurpSuite

A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are...

7.4AI score
Exploits0References10
Gitee
Gitee
added 2022/02/20 5:49 p.m.4 views

nuclei-templates

This repository is a collection of templates for the nuclei engine, a tool used to find security vulnerabilities in applications. The templates are used to identify potential vulnerabilities and are contributed by both the project's team and the community. The repository contains various template...

8.1AI score
Exploits0
OSV
OSV
added 2021/09/28 11:17 a.m.1 views

OPENSUSE-SU-2021:3244-1 Security update for shibboleth-sp

This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders bsc1184222...

7.1AI score
Exploits0References2
Rows per page
Query Builder