Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39826

A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting XSS. An...

6.1CVSS5.3AI score0.00371EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.10 views

SUSE CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0References14
NVD
NVD
added 2026/05/07 8:16 p.m.36 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS0.00371EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.8 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.8AI score0.00371EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.10 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.10 views

CVE-2026-39826

If a trusted template author were to write a...

5.8AI score0.00371EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.12 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.13 views

PT-2026-38567

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where a trusted template author can include a tag with an empty type attribute or a type attribute containing ASCII whitespace. This causes the...

6.4CVSS5.9AI score0.00371EPSS
Exploits0
Snyk
Snyk
added 2026/04/08 3:3 p.m.7 views

UNIX Symbolic Link (Symlink) Following

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the include, render, and layout directories, when symlinks are placed within a trusted...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References2
Rows per page
Query Builder