12 matches found
EUVD-2023-32655
Malicious code in bioql PyPI...
EUVD-2024-1268
Malicious code in bioql PyPI...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
CVE-2024-55601
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
GHSA-C2XF-9V2R-R2RX Hugo does not escape some attributes in internal templates
Impact Some HTML attributes in Markdown in the internal templates listed below not escaped. Impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates. default/markup/render-link.html from v0.123.0 default/markup/render-image.html from...
CVE-2024-3319
An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...
DEBIAN-CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
Server-Side Template Injection
getgrav/grav is vulnerable to Server-Side Template Injection. The vulnerability is due to insufficient sandboxing and validation of user-defined Twig template functions and filters, allowing authenticated users to execute arbitrary code on the server...
Design/Logic Flaw
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...