96 matches found
EUVD-2026-22190
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-34984
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
Astra Linux – Vulnerability in ansible-core
A flaw was discovered in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections by using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...
BIT-AIRFLOW-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
CVE-2025-68438
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
CVE-2025-68438
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
PYSEC-2026-9
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed coremaxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
CVE-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
EUVD-2020-18734
Malware in sbrugna...
EUVD-2020-18733
Malware in sbrugna...
EUVD-2020-18731
Malware in sbrugna...
EUVD-2020-18735
Malware in sbrugna...
EUVD-2024-3228
Malicious code in bioql PyPI...
Amazon Linux 2 : python-templated-dictionary, --advisory ALAS2MOCK2-2025-001 (ALASMOCK2-2025-001)
It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK2-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems...
Medium: python-templated-dictionary
Issue Overview: The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2...
CVE-2025-59049
Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal...
BIT-SUPERSET-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
Arbitrary Code Execution
Ansible-Core is vulnerable to Arbitrary Code Execution. The vulnerability is due to attackers bypassing unsafe content protections by using the hostvars object to reference and execute templated content, potentially leading to code execution if remote data or module outputs are improperly templat...