5 matches found
CVE-2024-12140
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other features. A security vulnerability exists in F5 BIG-IP when it is operating in appliance mode, where an authenticated...
Path Traversal
swig-templates is vulnerable to Path Traversal. The vulnerability exists due to improper template restrictions, which allow an attacker to access and read files outside the restricted directory through the include or extends tags...
Arbitrary Code Execution
swig is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of template restrictions; if an attacker has access to the template file, they can inject and execute malicious code through a maliciously crafted Object.prototype anonymous function...
Spoofing
In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true...