126 matches found
CVE-2025-35113
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1722)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-22855
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...
CVE-2023-33962
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...
CVE-2023-23630
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting XSS vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
Alibaba Cloud Linux 3 : 0047: fence-agents (ALINUX3-SA-2025:0047)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-27516: Jinja is an extensible templating...
EulerOS 2.0 SP11 : python-jinja2 (EulerOS-SA-2025-1375)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that...
Security Bulletin: There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27516)
Summary There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed...
The vulnerability of the Jenkins Templating Engine (JTE) in the Jenkins automation server, related to improper code generation management, allows attackers to bypass security restrictions and execute arbitrary code.
The vulnerability of the Jenkins Templating Engine JTE in the Jenkins automation server is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary code...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution
Jenkins Templating Engine Plugin allows defining libraries both in the global configuration, as well as scoped to folders containing the pipelines using them. While libraries in the global configuration can only be set up by administrators and can therefore be trusted, libraries defined in folder...
Privilege Context Switching Error
Overview Affected versions of this package are vulnerable to Privilege Context Switching Error due to the injectPrimitives function not taking sandbox protection into account for folder-scoped libraries. A user with Item/Configure permission can bypass the sandbox to execute code in the Jenkins...
GHSA-4VJP-327P-W4QV Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution
Jenkins Templating Engine Plugin allows defining libraries both in the global configuration, as well as scoped to folders containing the pipelines using them. While libraries in the global configuration can only be set up by administrators and can therefore be trusted, libraries defined in folder...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...