Lucene search

9 matches found

Snyk
added 2026/05/11 2:57 p.m., 8 views

Directory Traversal

Overview: python-liquid is a Python engine for the Liquid template language. Affected versions of this package are vulnerable to Directory Traversal via the FileSystemLoader and CachingFileSystemLoader components. An attacker can access and render arbitrary files outside the intended search pat...

8.2 CVSS, 6.3 AI score, 0.0009 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in twig

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates whose names are user-inputs. It’s possible to use the source or include statement to read arbitrary files from outside the...

7.5 CVSS, 7.2 AI score, 0.09505 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/07 6:17 p.m., 4 views

CVE-2026-39345

OrangeHRM Open Source versions 5.0–5.8 are affected by a path traversal vulnerability in the Email Template Loader that can allow an authenticated actor who can influence the template path to read arbitrary local files. Root cause: insufficient restriction of template file resolution to the inten...

4.9 CVSS, 6 AI score, 0.00056 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/04/07 6:17 p.m., 1 view

CVE-2026-39345 OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

4.6 CVSS, 6 AI score, 0.00056 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/24 10:9 p.m., 1 view

GHSA-X6M9-38VM-2XHF Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()

Summary: TemplateContext.Reset claims that a TemplateContext can be reused safely on the same thread, but it does not clear CachedTemplates. If an application pools TemplateContext objects and uses an ITemplateLoader that resolves content per request, tenant, or user, a previously authorized inclu...

8.6 CVSS, 5.9 AI score
Exploits: 0, References: 2
Github Security Blog
added 2026/03/24 10:9 p.m., 2 views

Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()

Summary: TemplateContext.Reset claims that a TemplateContext can be reused safely on the same thread, but it does not clear CachedTemplates. If an application pools TemplateContext objects and uses an ITemplateLoader that resolves content per request, tenant, or user, a previously authorized inclu...

5.9 AI score
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-6700

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.09505 EPSS
Exploits: 0, References: 22
NVD
added 2010/04/07 6:30 p.m., 10 views

CVE-2008-7254

Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the RootPath parameter. NOTE: some of these details are obtained...

6.8 CVSS, 7.3 AI score, 0.02674 EPSS
Exploits: 1, References: 4
exploitpack
added 2010/03/30 12:0 a.m., 18 views

Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File

Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 Multiple Local File Vulnerability...

7.4 AI score
Exploits: 0