Lucene search
K

45 matches found

OSV
OSV
added 2023/10/06 12:0 a.m.20 views

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

8.4CVSS7.3AI score0.00858EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2023/02/03 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-4708

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavetemplateconditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the...

6.5CVSS6.9AI score0.00603EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/17 12:0 a.m.16 views

jpress command injection vulnerability

Jpress is a set of blogging platform developed by the Jpress team using the Java language. jpress has a security vulnerability that can be exploited by attackers to inject some malicious code through functional modifications to the template...

6.5CVSS4AI score0.01344EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/01/13 2:15 p.m.18 views

CVE-2021-45806

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...

8.8CVSS6.9AI score
Exploits0References3
NVD
NVD
added 2022/01/13 2:15 p.m.19 views

CVE-2021-45806

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...

8.8CVSS0.01344EPSS
Exploits1References2
Prion
Prion
added 2022/01/13 2:15 p.m.16 views

Code injection

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...

6.5CVSS8.6AI score0.01344EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/01/13 1:47 p.m.26 views

CVE-2021-45806

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...

8.9AI score0.01344EPSS
Exploits1References2
CVE
CVE
added 2022/01/13 1:47 p.m.52 views

CVE-2021-45806

CVE-2021-45806 affects jpress v4.2.0: the admin panel exposes a function that allows attackers to modify templates and inject malicious code. The reported impact is malicious code injection via template modification, but the provided documents do not specify the exact root cause, vulnerable compo...

8.8CVSS8.7AI score0.01344EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.3 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
NVD
NVD
added 2021/10/05 9:15 p.m.30 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS0.01493EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/09/23 4:28 p.m.3 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/09/23 4:26 p.m.6 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/09/23 4:18 p.m.4 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.1 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/05/19 3:31 p.m.4 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/05/19 3:26 p.m.2 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/05/19 3:21 p.m.2 views

velocity: arbitrary code execution when attacker is able to modify templates

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity...

9CVSS7.2AI score0.22709EPSS
Exploits0References4
OSV
OSV
added 2021/05/06 11:2 a.m.2 views

OESA-2021-1157 velocity security update

Velocity is a Java-based template engine. It permits anyone to use the simple yet powerful template language to reference objects defined in Java code. Security Fixes: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the...

9CVSS8.1AI score0.22709EPSS
Exploits0References2
CNVD
CNVD
added 2020/04/30 12:0 a.m.3 views

Mono MonoX CMS Code Execution Vulnerability

MonoX CMS is an ASP.NET-based content management system CMS and social networking platform from Mono Croatia. A security vulnerability exists in Mono MonoX CMS 5.1.40.5152 and earlier versions. The vulnerability can be exploited by an attacker to execute arbitrary code by modifying an ASPX templa...

7.2CVSS7.8AI score0.01674EPSS
Exploits1
NVD
NVD
added 2020/04/29 9:15 p.m.25 views

CVE-2020-12470

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template...

7.2CVSS7.4AI score0.01674EPSS
Exploits1References1
Rows per page
Query Builder