
30 matches found

SUSE CVE
added 2026/03/24 12:24 a.m. | 2 views

SUSE CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 1 | References 3
Snyk
added 2026/03/20 10:39 p.m. | 0 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: dynaconf is the dynamic configurator for your Python project. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to unsafe template evaluation in the @Jinja resolver. An attacker can execute arbitrary code by...

8.1 CVSS | 6.2 AI score | 0.00024 EPSS
Exploits 1 | References 2
UbuntuCve
added 2026/03/20 9:17 p.m. | 0 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits 1 | References 5
OSV
added 2026/03/20 9:17 p.m. | 0 views

UBUNTU-CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 1 | References 6
OSV
added 2026/03/20 8:22 p.m. | 1 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

7.5 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 1 | References 5
Debian CVE
added 2026/03/20 8:22 p.m. | 4 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1 CVSS | 5.3 AI score | 0.00024 EPSS
Exploits 1
Vulnrichment
added 2026/03/20 8:22 p.m. | 0 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

7.5 CVSS | 5.7 AI score | 0.00024 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-5093

Malicious code in bioql PyPI...

10 CVSS | 6.6 AI score | 0.00474 EPSS
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-34387

Malicious code in bioql PyPI...

7.5 CVSS | 8.9 AI score | 0.00087 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2025/08/14 4:48 p.m. | 8 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary: IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45339. DESCRIPTION: When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log fil...

8.8 CVSS | 7.9 AI score | 0.30014 EPSS
Exploits 13 | Affected Software 1
CNNVD
added 2025/03/23 12:0 a.m. | 2 views

WordPress plugin Nested Pages security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.8 CVSS | 7.8 AI score | 0.00075 EPSS
Exploits 1 | References 1
NVD
added 2025/02/18 9:15 p.m. | 3 views

CVE-2025-26612

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionar_almoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 0.00514 EPSS
Exploits 1 | References 1
NVD
added 2025/02/18 9:15 p.m. | 3 views

CVE-2025-26608

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, dependente_docdependente.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing...

10 CVSS | 0.00474 EPSS
Exploits 1 | References 1
Vulnrichment
added 2025/02/18 8:38 p.m. | 12 views

CVE-2025-26605 SQL Injection endpoint 'deletar_cargo.php' parameter 'id_cargo' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

9.4 CVSS | 8.5 AI score | 0.00534 EPSS
Exploits 1 | References 1
CVE
added 2025/02/18 8:38 p.m. | 62 views

CVE-2025-26605

WeGIA (Web Manager for Institutions) has a SQL Injection vulnerability in the deletar_cargo.php endpoint, specifically the id_cargo parameter, that could allow an authorized attacker to execute arbitrary SQL and access sensitive data. The issue is addressed in version 3.2.13; upgrading is advised...

9.4 CVSS | 8.3 AI score | 0.00534 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/02/18 8:37 p.m. | 5 views

CVE-2025-26606 SQL Injection endpoint 'informacao_adicional.php' parameter 'id_descricao' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacao_adicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 8.1 AI score | 0.00474 EPSS
Exploits 1 | References 3
Cvelist
added 2025/02/18 8:37 p.m. | 17 views

CVE-2025-26606 SQL Injection endpoint 'informacao_adicional.php' parameter 'id_descricao' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacao_adicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 0.00474 EPSS
Exploits 1 | References 1
CVE
added 2025/02/18 8:36 p.m. | 52 views

CVE-2025-26608

WeGIA (open source Web Manager) has a SQL Injection in the dependente_docdependente.php endpoint (affecting parameters like id_dependente and id_doc) that allows arbitrary SQL execution and unauthorized data access. Root cause: improper input handling leading to query manipulation. Impact: potent...

10 CVSS | 8.3 AI score | 0.00474 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2025/02/18 8:34 p.m. | 60 views

CVE-2025-26611

CVE-2025-26611 affects WeGIA, an open-source Web Manager for institutions. The vulnerability is a SQL Injection in the remover_produto.php endpoint (likely via the id_produto parameter), enabling arbitrary SQL queries and potential unauthorized access to sensitive data. The issue has been fixed i...

10 CVSS | 8.3 AI score | 0.00474 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/02/18 8:34 p.m. | 3 views

CVE-2025-26612 SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionar_almoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 8.1 AI score | 0.00514 EPSS
Exploits 1 | References 3