CVE-2026-44966
Velocity.js
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
CVE-2026-27745
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2021-41971
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL...
CVE-2025-68937
A flaw was found in Forgejo. This vulnerability allows a remote attacker to write to unintended files and potentially gain server shell access. The flaw occurs due to mishandling of symlink destinations that point outside of the repository when processing template repositories. This could lead to...
GHSA-729W-J79F-2C34 Grav may be vulnerable to SSRF attack via Twig Templates
In Grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...
Exploit for Improper Authentication in Oracle Concurrent_Processing
CVE-2025-61882 Scan/Exploit Legal Disclaimer Legal...
EUVD-2021-0022
Malware in sbrugna...
CVE-2020-27860
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
BIT-SUPERSET-2021-41971 Possible SQL Injection when template processing is enabled
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the template processing mechanism. An attacker can execute arbitrary code on the server by injecting malicious templates after successfully logging into the system. Remediation Upgrade...
GHSA-PG8M-4P8J-2P56 Apache Superset SQL Injection when template processing is enabled
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL...
Apache Superset SQL Injection when template processing is enabled
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL...
PYSEC-2021-378
Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL...
Apache Superset SQL injection vulnerability
Apache Superset is a modern enterprise-grade business intelligence web application. Apache Superset 1.3.0 and earlier versions have a SQL injection vulnerability when ENABLE_TEMPLATE_PROCESSING is enabled. An authenticated attacker can exploit this vulnerability by sending an HTTP request with a...
PT-2021-23459 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 1.3.0 Description: The issue allows SQL injection when a malicious authenticated user sends an HTTP request with a custom URL, but only when Apache Superset is configured with ENABLE TEMPLATE...
Remote Code Execution (RCE)
Cobbler is vulnerable to Remote Code Execution (RCE). A code injection flaw was found in the way Cobbler processed templates for kickstart files. A remote, authenticated user that has the Configuration Administrator role privilege could use this flaw to create a specially-crafted kickstart templa...
CVE-2020-7931
In Artifactory 5.x–6.x, insecure FreeMarker template processing allows remote code execution. The root cause is the DefaultObjectWrapper exposing Java functions to templates, enabling actions such as modifying a user’s .ssh/authorized_keys. Affected versions range from 5.11.8 to 6.16.0, with patc...
Foxit Reader XFA Form Template Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...