458 matches found
Arbitrary Code Execution
Jenkins Templating Engine Plugin is vulnerable to Arbitrary Code Execution. The vulnerability is due to libraries defined in folders not being subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the Jenkins controller JVM...
CVE-2025-66298
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be...
TencentOS Server 4: ansible (TSSA-2025:0626)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0626 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
ROS-20251117-05
A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information. The vulnerability in the LXD container and...
ROS-20251117-04
A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information. The vulnerability in the LXD container and...
CVE-2025-62369
Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...
CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates
Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...
CVE-2025-62369
The CVE concerns Xibo CMS: versions 4.3.0 and earlier expose a Remote Code Execution flaw in the CMS Developer menu’s Module Templating functionality. Authentication with System -> Add/Edit custom modules and templates permissions allows manipulation of Twig filters and execution of arbitrary ...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the application executing a command templated with git config user.email at startup without validating or sanitizing the input, which allows an attacker to use a maliciously configured Git user email to...
GHSA-VFFH-C9PQ-4CRH Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Summary: In some Notification types (e.g., Webhook, Telegram), the send function allows user-controlled renderTemplate input. This leads to a Server-side Template Injection (SSTI) vulnerability that can be exploited to read arbitrary files from the server. Details: The root cause is how Uptime Kuma...
EUVD-2025-34816
bagisto has Server Side Template Injection (SSTI) in Product Description...
GHSA-527Q-4WQV-G9WJ bagisto has Server Side Template Injection (SSTI) in Product Description
Summary: Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions tha...
EUVD-2018-0746
Malware in sbrugna...
EUVD-2011-4964
Malware in sbrugna...
EUVD-2021-2455
Malware in sbrugna...
EUVD-2019-0006
Malware in sbrugna...
EUVD-2019-0360
Malware in sbrugna...
EUVD-2021-13869
Malware in sbrugna...