163 matches found
CVE-2022-3966
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function loadtemplate of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal...
CVE-2025-4531
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template...
CVE-2025-4531
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template...
PT-2025-20653 · Unknown · Seeyon Zhiyuan Oa Web Application System
Name of the Vulnerable Software and Affected Versions: Seeyon Zhiyuan OA Web Application System version 8.1 SP2 Description: A critical issue affects the function postData of the file ROOTWEB-INFclassescomourswwwehrsalaryservicedataEhrSalaryPayrollServiceImpl.class of the component Beetl Template...
CVE-2025-3841
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config'template' leads to improper...
CVE-2025-3805
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file checkid.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to...
CVE-2025-3804
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3841
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config'template' leads to improper...
CVE-2025-3841
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config'template' leads to improper...
CVE-2025-3841 wix-incubator jam Jinja2 Template jam.py special elements used in a template engine
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config'template' leads to improper...
PT-2025-17461 · Jinja2 +1 · Jinja2 +2
Name of the Vulnerable Software and Affected Versions: wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9 Description: A vulnerability was found in wix-incubator jam, affecting an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the...
CVE-2025-3805
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file checkid.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to...
CVE-2025-3804
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3804
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3805
CVE-2025-3805 affects sarrionandia tournatrack (Jinja2 Template Handler) with a vulnerability in the check_id.py file. The issue is caused by manipulation of the ID argument, leading to local-injection. Exploitation has been disclosed publicly, and usable exploit details exist in several sources....
CVE-2025-3805 sarrionandia tournatrack Jinja2 Template check_id.py injection
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file checkid.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to...
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3804
CVE-2025-3804 affects thautwarm vscode-diana 0.0.1, specifically the Jinja2 Template Handler’s Gen.py component where an unknown function exposure enables injection. Local access is required; exploitation has been disclosed publicly. Multiple connected sources corroborate a critical issue with lo...
PT-2025-17382 · Unknown · Sarrionandia Tournatrack +1
Name of the Vulnerable Software and Affected Versions: sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec Description: A critical vulnerability was found in the Jinja2 Template Handler component, specifically in the file check id.py. The manipulation of the ID argument leads ...
CVE-2025-1611
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...