
45 matches found

CVE
added 2026/04/22 8:5 p.m. · 6 views

CVE-2026-33733

CVE-2026-33733 affects EspoCRM prior to version 9.3.4, where admin TemplateManager endpoints incorrectly handle attacker-controlled name and scope values. This allows an authenticated admin to use directory traversal (../) to escape the intended template directory and read, create, overwrite, or ...

CVSS 7.2 · AI score 5.8 · EPSS 0.00155
Exploits: 1 · References: 1 · Affected Software: 1
RedhatCVE
added 2026/04/13 7:23 p.m. · 1 views

CVE-2026-39315

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in...

CVSS 6.1 · AI score 5.8 · EPSS 0.00089
Exploits: 1 · References: 1
ATTACKERKB
added 2026/03/12 5:20 p.m. · 2 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data...

AI score 5.9 · EPSS 0.0002
Exploits: 1 · References: 2 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-10249

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.00015
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2017-16954

Malware in sbrugna...

CVSS 6.1 · AI score 6.2 · EPSS 0.0001
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-16957

Malware in sbrugna...

CVSS 6.1 · AI score 6.2 · EPSS 0.0001
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-30343

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.0549
Exploits: 0 · References: 3
OSV
added 2025/04/03 2:12 p.m. · 6 views

BIT-JOOMLA-2021-23131 [20210305] - Core - Input validation within the template manager

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager...

CVSS 7.5 · AI score 7.6 · EPSS 0.00015
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2024/06/25 1:29 p.m. · 2 views

Malicious code in ITLec.EmailTеmрlateManager (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
Positive Technologies
added 2023/11/28 12:0 a.m. · 1 views

PT-2023-30467 · Jflyfox · Jfinalcms

Name of the Vulnerable Software and Affected Versions: jflyfox jfinalCMS version 5.1.0. Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the "login.jsp" component in the template management module. Recommendations: For jflyfox jfinalCMS version 5.1....

CVSS 9.8 · AI score 9.6 · EPSS 0.01289
Exploits: 1 · References: 5
Patchstack
added 2023/07/18 12:0 a.m. · 3 views

WordPress Template Manager for Gutenberg Block Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Template Manager for Gutenberg Block; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 011e9bd91ed5; Credits: Rafie Muhamma...

AI score 6.9
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/05/02 8:15 p.m. · 0 views

CVE-2023-26546

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission...

CVSS 8.8 · AI score 6.3 · EPSS 0.0549
Exploits: 0 · References: 3
Prion
added 2023/05/02 8:15 p.m. · 17 views

Sql injection

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission...

CVSS 6.5 · AI score 8.7 · EPSS 0.0549
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/05/02 12:0 a.m. · 2 views

PT-2023-20720 · European Chemicals Agency · Iuclid

Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID versions prior to 6.27.6. Description: The issue allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template...

CVSS 8.8 · AI score 8.1 · EPSS 0.0549
Exploits: 0 · References: 6
Vulnrichment
added 2023/05/02 12:0 a.m. · 7 views

CVE-2023-26546

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission...

AI score 8.7 · EPSS 0.0549
Exploits: 0 · References: 3
Cvelist
added 2023/05/02 12:0 a.m. · 14 views

CVE-2023-26546

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission...

AI score 8.9 · EPSS 0.0549
Exploits: 0 · References: 3
Patchstack
added 2022/02/28 12:0 a.m. · 6 views

WordPress Template Manager for Gutenberg Block plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Template Manager for Gutenberg Block plugin versions <= 1.0.5. Solution: No patched version available...

AI score 2.5
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. · 8 views

WordPress Template Manager for Gutenberg Block plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Template Manager for Gutenberg Block plugin versions <= 1.0.5. Solution: No patched version available...

AI score 4.2
Exploits: 0 · References: 2 · Affected Software: 1
CNVD
added 2021/03/05 12:0 a.m. · 8 views

Joomla! Template Manager Missing Input Validation Vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A vulnerability exists in Joomla! 3.2.0 - 3.9.24 where the template manager lacks...

CVSS 7.5 · AI score 6.7 · EPSS 0.00015
Exploits: 0 · References: 1
Prion
added 2021/03/04 6:15 p.m. · 15 views

Input validation

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager...

CVSS 5 · AI score 7.5 · EPSS 0.00015
Exploits: 0 · References: 1 · Affected Software: 1