104 matches found
Cross-site Scripting (XSS)
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Template response rendering path in the HTML template components. An attacker can inject arbitrary HTML o...
CVE-2026-39891
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user input from agent.start is passed directly into these tools without escaping, template expressions in the...
CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
view_component 安全漏洞
viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities stem from the fact that the preview routing does not verify...
CVE-2026-44916
In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instanceinfo'kstemplate' is rendered without sandboxing...
CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
UBUNTU-CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-24425 Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-24425
Twig 2.16.x and 3.9.0–3.25.x contain a sandbox bypass via SourcePolicyInterface, allowing runtime bypass of sandbox checks when using a source policy to execute arbitrary code. The underlying issue is a runtime check that fails to use the current template source, enabling code execution if sandbo...
CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
Velocity.js has a Prototype Pollution vulnerability through #set path assignment
Summary A prototype pollution vulnerability was discovered in Velocity.js key = val. Because there is no validation or filtering to block sensitive keys such as \proto\, constructor, or prototype, an attacker can traverse the prototype chain and pollute the global Object.prototype. PoC javascript...
GHSA-J658-C2GF-X6PQ Velocity.js has a Prototype Pollution vulnerability through #set path assignment
Summary A prototype pollution vulnerability was discovered in Velocity.js key = val. Because there is no validation or filtering to block sensitive keys such as \proto\, constructor, or prototype, an attacker can traverse the prototype chain and pollute the global Object.prototype. PoC javascript...
UBUNTU-CVE-2026-44916
In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instanceinfo'kstemplate' is rendered without sandboxing...
CVE-2026-39823
Summary: CVE-2026-39823 covers an escapebug in HTML meta tag content handling that can trigger XSS when URLs are inserted into a meta tag’s content attribute and whitespace is manipulated. Multiple connected sources confirm the issue and describe the root cause as incorrect escaping of URLs insid...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
PT-2026-38442
Name of the Vulnerable Software and Affected Versions ChestnutCMS version 1.5.10 Description A SQL injection issue exists where the content parameter of the 'cms content' tag can be manipulated within the admin backend. This allows the parameter to be injected into a SQL query during template...