73 matches found

Nuclei
added yesterday · 201 views

Craft CMS - Remote Code Execution via Template Path Manipulation

This template identifies a critical Remote Code Execution (RCE) vulnerability in Craft CMS, identified as GHSA-2p6p-9rc9-62j9. The vulnerability exists due to improper handling of the --templatesPath query parameter, allowing attackers to execute arbitrary code by referencing malicious Twig...

CVSS 9.8 · AI score 7.9 · EPSS 0.97446
Exploits: 9 · References: 5

Nuclei
added 2 days ago · 24 views

Koha 3.20.1 - Directory Traversal

Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the templatepath parameter to (1) svc/virtualshelves/search or (2) svc/members/search. id: CVE-2015-4632 info: name:...

CVSS 7.5 · AI score 7.3 · EPSS 0.51829
Exploits: 8 · References: 5

RedhatCVE
added 2026/06/05 7:26 p.m. · 8 views

CVE-2026-39345

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

CVSS 4.9 · AI score 5.5 · EPSS 0.00323
Exploits: 0 · References: 1

Circl
added 2026/04/27 12:07 p.m. · 2 views

CVE-2026-23483

creationtimestamp | type | source
---|---|---
2026-04-27 12:07:05+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-23483.yaml
...

CVSS 6.9 · AI score 4.8 · EPSS 0.00771
Exploits: 0 · References: 1

Circl
added 2026/04/23 5:45 a.m. · 3 views

CVE-2026-41176

creationtimestamp | type | source
---|---|---
2026-04-23 05:45:19+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-41176.yaml
2026-04-23 21:03:08+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwtcoov2g
2026-04-24...

CVSS 9.8 · AI score 5.8 · EPSS 0.34525
In the wild · Exploits: 1 · References: 6

CNNVD
added 2026/04/22 12:00 a.m. · 7 views

EspoCRM Security Vulnerability

EspoCRM is an open-source, web-based Customer Relationship Management (CRM) system. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.4 contained security vulnerabilities. These vulnerabilities stemmed from the...

CVSS 7.2 · AI score 5.8 · EPSS 0.00448
Exploits: 1 · References: 1

NVD
added 2026/04/10 7:16 p.m. · 1 view

CVE-2026-33705

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

CVSS 5.3 · EPSS 0.00245
Exploits: 0 · References: 2

ATTACKERKB
added 2026/04/07 6:17 p.m. · 1 view

CVE-2026-39345

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

CVSS 4.6 · AI score 6 · EPSS 0.00323
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2026/04/07 12:00 a.m. · 3 views

PT-2026-30968

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

CVSS 4.6 · AI score 6 · EPSS 0.00323
Exploits: 0 · References: 2

Circl
added 2026/03/28 3:26 a.m. · 1 view

CVE-2026-34156

creationtimestamp | type | source
---|---|---
2026-03-28 03:26:07+00:00 | published-proof-of-concept | https://github.com/nocobase/nocobase/security/advisories/GHSA-px3p-vgh9-m57c
2026-03-31 08:34:55+00:00 | confirmed | ...

CVSS 9.9 · AI score 5.4 · EPSS 0.36503
Exploits: 7 · References: 7

Circl
added 2026/03/26 9:21 a.m. · 2 views

CVE-2025-62126

creationtimestamp | type | source
---|---|---
2026-03-26 09:21:07+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-62126.yaml
2026-03-30 21:03:05+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mickqnddkr2a...

CVSS 5.3 · AI score 5.8 · EPSS 0.00659
Exploits: 0 · References: 2

ATTACKERKB
added 2026/03/15 7:02 a.m. · 2 views

CVE-2026-4170

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

CVSS 10 · AI score 5.7 · EPSS 0.0207
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2026/03/07 7:59 a.m. · 6 views

CVE-2026-28507

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVSS 8.6 · AI score 6.3 · EPSS 0.00673
Exploits: 1 · References: 1

Veracode
added 2026/03/07 5:09 a.m. · 3 views

Command Injection

idno/known is vulnerable to Command Injection. The vulnerability is due to improper handling of file imports combined with template path traversal, which allows an attacker to write malicious files and execute arbitrary code on the server...

CVSS 8.6 · AI score 6.2 · EPSS 0.00673
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2026/03/06 4:12 a.m. · 26 views

CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVSS 8.6 · EPSS 0.00673
Exploits: 1 · References: 2

Vulnrichment
added 2026/03/06 4:12 a.m. · 2 views

CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVSS 8.6 · AI score 6.3 · EPSS 0.00673
Exploits: 1 · References: 2

CVE
added 2026/03/06 4:12 a.m. · 14 views

CVE-2026-28507

CVE-2026-28507 affects Idno (social publishing platform). Public disclosures and Red Hat/Veracode entries describe two chained vulnerabilities leading to remote code execution: 1) Arbitrary PHP file write during WordPress import via importImagesFromBodyHTML, leveraging uncontrolled outbound fopen...

CVSS 8.6 · AI score 6.5 · EPSS 0.00673
Exploits: 1 · References: 2 · Affected Software: 1

Github Security Blog
added 2026/03/02 9:26 p.m. · 9 views

Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch (build fingerprint 505...7bd86)
CVSS v4 Score: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger
---
Summary: Two separate...

CVSS 8.6 · AI score 6.3 · EPSS 0.00673
Exploits: 1 · References: 4 · Affected Software: 1

GithubExploit
added 2026/01/15 9:00 a.m. · 169 views

Exploit for CVE-2025-14502

CVE-2025-14502 Vulnerability Analysis Report Vulnerability...

CVSS 9.8 · AI score 6.2 · EPSS 0.01336
Exploits: 1

Circl
added 2025/11/29 7:45 p.m. · 6 views

CVE-2021-36888

creationtimestamp | type | source
---|---|---
2025-11-29 19:45:46+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-36888.yaml
2025-12-01 21:02:33+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m6xda4o4qo2a
2026-06-23...

CVSS 9.8 · AI score 7.3 · EPSS 0.0674
Exploits: 1 · References: 3