66 matches found
CVE-2026-23986 Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
CVE-2026-23986 Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
PT-2025-136: Path Traversal in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...
CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...
EUVD-2008-1077
Malware in sbrugna...
EUVD-2008-2640
Malware in sbrugna...
EUVD-2021-2085
Malware in sbrugna...
EUVD-2023-44361
Malicious code in bioql PyPI...
EUVD-2023-43050
Malicious code in bioql PyPI...
EUVD-2023-43051
Malicious code in bioql PyPI...
EUVD-2024-22945
Malicious code in bioql PyPI...
EUVD-2021-32814
Malicious code in bioql PyPI...
EUVD-2023-32972
Malicious code in bioql PyPI...
EUVD-2024-1383
Malicious code in bioql PyPI...
EUVD-2022-2026
Malicious code in bioql PyPI...
PT-2025-36626
Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
Copier's safe template has arbitrary filesystem read/write access
Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...
CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...
CVE-2025-27911
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion if saved to...