Lucene search
+L

66 matches found

Cvelist
Cvelist
added 2026/01/21 10:20 p.m.20 views

CVE-2026-23986 Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS0.00224EPSS
Exploits1References3
OSV
OSV
added 2026/01/21 10:20 p.m.10 views

CVE-2026-23986 Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS5.8AI score0.00224EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/26 7:3 p.m.10 views

PT-2025-136: Path Traversal in mPDF

The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...

6.9CVSS5.9AI score
Exploits0
OSV
OSV
added 2025/11/25 7:6 p.m.5 views

CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

3.3CVSS6.9AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-1077

Malware in sbrugna...

7.5CVSS6AI score0.01954EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-2640

Malware in sbrugna...

7.5CVSS6.4AI score0.3903EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2085

Malware in sbrugna...

7.8CVSS7.6AI score0.01298EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-44361

Malicious code in bioql PyPI...

6.9CVSS6.7AI score0.00544EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-43050

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00815EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-43051

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00798EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-22945

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00852EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-32814

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01328EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32972

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.01037EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-1383

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00491EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-2026

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.03127EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.6 views

PT-2025-36626

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

8.1CVSS7.7AI score
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/08/18 9:0 p.m.6 views

Copier's safe template has arbitrary filesystem read/write access

Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...

8.5CVSS7.2AI score0.0024EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/08/18 4:21 p.m.15 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

8.5CVSS0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 5:4 p.m.9 views

CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right

XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...

5.1CVSS6.6AI score0.00228EPSS
Exploits1References3
OSV
OSV
added 2025/03/11 8:15 a.m.4 views

CVE-2025-27911

An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion if saved to...

6.5CVSS5.8AI score0.00403EPSS
Exploits0References2
Rows per page
Query Builder