Lucene search
K

6 matches found

CVE
CVE
added 4 hours ago8 views

CVE-2026-45419

DataEase contains an arbitrary file write vulnerability present before version 2.10.23. The flaw resides in template handling: the TemplateManageService#save, StaticResourceServer#saveFilesToServe methods and the /de2api/templateManage/save endpoint accept attacker-controlled staticResource names...

8.5CVSS6.2AI score0.00024EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/04 12:25 p.m.9 views

Use of Weak Hash

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Use of Weak Hash in the Template.savepilimage function in swift/template/base.py. An attacker can exploit a weakness in cache key integrity to tamper with the...

4.8CVSS5.5AI score0.00075EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 a.m.15 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS0.00075EPSS
Exploits0References8
CVE
CVE
added 2026/06/04 11:0 a.m.25 views

CVE-2026-10801

CVE-2026-10801 affects modelscope ms-swift up to 4.2.0 and targets the PIL Image Cache Key Handler, specifically the function Template._save_pil_image in swift/template/base.py. The issue is a manipulation that results in the use of a weak hash, enabling a local attack. The CVE notes a high attac...

3.6CVSS5AI score0.00075EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.26 views

PT-2026-46180

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References9
CVE
CVE
added 2026/03/08 6:32 a.m.21 views

CVE-2026-3714

OpenCart 4.0.2.3 is affected by a Server-Side Template Injection (SSTI) via the Theme Editor, due to improper validation in the Save function of admin/controller/design/template.php (cited as Incomplete Fix CVE-2024-36694). Remote exploitation is possible, per multiple sources. No fixed version i...

5.8CVSS5.4AI score0.00904EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder