Skip to main content

CWE-791

Incomplete Filtering of Special Elements

24 CVEs Avg CVSS 5.4 MITRE
1
CRITICAL
7
HIGH
10
MEDIUM
6
LOW
7
POC
0
KEV

Monthly

CVE-2026-11998 HIGH This Week

Arbitrary JavaScript execution in AngularJS (all versions from 1.2.0-rc.3 onward) arises from a flaw in Strict Contextual Escaping (SCE) where resource-URL allowlist regular expressions are matched against URLs as partial rather than whole-string matches, letting attacker-controlled values slip past trusted-URL policies. A successful bypass runs script in the victim's browser session (script src, iframe documents, route templates), enabling client-side compromise; the framework is End-of-Life with no upstream fix, and a CodePen demonstration of the bypass is publicly available. No CISA KEV listing and no evidence of active exploitation were provided.

Information Disclosure
NVD HeroDevs VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-44232 npm HIGH PATCH GHSA This Week

The dssrf Node.js library (versions < 1.3.0) allows Server-Side Request Forgery (SSRF) protection bypass through IPv6 addresses targeting internal resources. Attackers can craft HTTP requests using IPv6 loopback (::1), unique local addresses (fc00::/7), link-local addresses (fe80::/10), IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, ::ffff:169.254.169.254), NAT64 prefixes, and other IPv6 categories to access internal services, cloud metadata endpoints (IMDS), and private networks that the library was explicitly designed to block. The vulnerability directly contradicts dssrf documentation claiming IPv6 is disabled entirely, and a publicly available exploit code (POC) demonstrates all affected IPv6 categories. Patch available in version 1.3.0.

SSRF Node.js
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-5987 LOW Monitor

Improper neutralization of special elements in FreeMarker template processing within Sanluan PublicCMS up to version 6.202506.d allows high-privileged remote attackers to cause information disclosure through manipulation of the AbstractFreemarkerView.doRender function. The vulnerability has a CVSS score of 5.1 with publicly available exploit code, though exploitation requires administrative privileges (PR:H). CISA KEV status not confirmed; however, the disclosure of exploit code and vendor non-response indicate moderate real-world risk despite the high privilege requirement.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3725 LOW Monitor

SmartAdmin versions up to 3.29 contain a template injection vulnerability in the FreeMarker template handler that allows authenticated remote attackers to manipulate template content and achieve code execution. The flaw exists in the MailService component's freemarkerResolverContent function and has a public exploit available. Since no patch is available and the vendor has not responded, organizations using affected versions should immediately assess exposure and consider alternative solutions.

Java Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3714 MEDIUM This Month

OpenCart 4.0.2.3 contains an incomplete fix for a template injection vulnerability in the admin template controller that allows high-privileged attackers to inject malicious code through improper neutralization of special template elements. An authenticated administrator can exploit this flaw to achieve arbitrary code execution on the affected system. No patch is currently available, and the vendor has not responded to disclosure attempts.

PHP Opencart
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-2969 PyPI LOW POC Monitor

Improper input sanitization in Datapizza AI 0.0.2's Jinja2 template handler allows remote attackers with high privileges to inject malicious template syntax through the ChatPromptTemplate function, potentially enabling code execution or information disclosure. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Information Disclosure Datapizza Ai
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14731 LOW POC Monitor

Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.

PHP Information Disclosure Ctcms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9094 LOW Monitor

A vulnerability was detected in ThingsBoard 4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-6761 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 7.3). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6518 PyPI LOW Monitor

A security vulnerability in PySpur-Dev pyspur (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
EPSS 0% CVSS 7.6
HIGH This Week

Arbitrary JavaScript execution in AngularJS (all versions from 1.2.0-rc.3 onward) arises from a flaw in Strict Contextual Escaping (SCE) where resource-URL allowlist regular expressions are matched against URLs as partial rather than whole-string matches, letting attacker-controlled values slip past trusted-URL policies. A successful bypass runs script in the victim's browser session (script src, iframe documents, route templates), enabling client-side compromise; the framework is End-of-Life with no upstream fix, and a CodePen demonstration of the bypass is publicly available. No CISA KEV listing and no evidence of active exploitation were provided.

Information Disclosure
NVD HeroDevs VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

The dssrf Node.js library (versions < 1.3.0) allows Server-Side Request Forgery (SSRF) protection bypass through IPv6 addresses targeting internal resources. Attackers can craft HTTP requests using IPv6 loopback (::1), unique local addresses (fc00::/7), link-local addresses (fe80::/10), IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, ::ffff:169.254.169.254), NAT64 prefixes, and other IPv6 categories to access internal services, cloud metadata endpoints (IMDS), and private networks that the library was explicitly designed to block. The vulnerability directly contradicts dssrf documentation claiming IPv6 is disabled entirely, and a publicly available exploit code (POC) demonstrates all affected IPv6 categories. Patch available in version 1.3.0.

SSRF Node.js
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

Improper neutralization of special elements in FreeMarker template processing within Sanluan PublicCMS up to version 6.202506.d allows high-privileged remote attackers to cause information disclosure through manipulation of the AbstractFreemarkerView.doRender function. The vulnerability has a CVSS score of 5.1 with publicly available exploit code, though exploitation requires administrative privileges (PR:H). CISA KEV status not confirmed; however, the disclosure of exploit code and vendor non-response indicate moderate real-world risk despite the high privilege requirement.

Information Disclosure Java
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SmartAdmin versions up to 3.29 contain a template injection vulnerability in the FreeMarker template handler that allows authenticated remote attackers to manipulate template content and achieve code execution. The flaw exists in the MailService component's freemarkerResolverContent function and has a public exploit available. Since no patch is available and the vendor has not responded, organizations using affected versions should immediately assess exposure and consider alternative solutions.

Java Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

OpenCart 4.0.2.3 contains an incomplete fix for a template injection vulnerability in the admin template controller that allows high-privileged attackers to inject malicious code through improper neutralization of special template elements. An authenticated administrator can exploit this flaw to achieve arbitrary code execution on the affected system. No patch is currently available, and the vendor has not responded to disclosure attempts.

PHP Opencart
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Improper input sanitization in Datapizza AI 0.0.2's Jinja2 template handler allows remote attackers with high privileges to inject malicious template syntax through the ChatPromptTemplate function, potentially enabling code execution or information disclosure. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Information Disclosure Datapizza Ai
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.

PHP Information Disclosure Ctcms
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A vulnerability was detected in ThingsBoard 4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 7.3). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A security vulnerability in PySpur-Dev pyspur (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy