CWE-791: Incomplete Filtering of Special Elements

16 CVEs | Avg CVSS 4.6 | Source: MITRE
Critical: 1 | High: 2 | Medium: 7 | Low: 6 | With POC: 4 | In CISA KEV: 0

CVE-2026-44232 npm HIGH PATCH GHSA This Week

The dssrf Node.js library (versions < 1.3.0) allows its Server-Side Request Forgery (SSRF) protection to be bypassed with IPv6 addresses that target internal resources. Attackers can craft HTTP requests using the IPv6 loopback address (::1), unique local addresses (fc00::/7), link-local addresses (fe80::/10), IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, ::ffff:169.254.169.254), NAT64 prefixes and other IPv6 categories to reach internal services, cloud metadata endpoints (IMDS) and private networks that the library was explicitly designed to block. This directly contradicts the dssrf documentation, which claims IPv6 is disabled entirely; publicly available exploit code (POC) demonstrates all affected IPv6 categories. A patch is available in version 1.3.0.

Tags: SSRF, Node.js
Sources: NVD, GitHub, VulDB
CVSS 4.0: 8.7 | EPSS: 0.0%
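The IPv6 categories listed for dssrf above are the standard blind spots of an SSRF filter that only inspects dotted-quad IPv4 literals. What follows is an added example written for this page, not code from dssrf or any other project: a Node.js destination-address check that parses both address families and classifies the target before any connection is made, shown beside the weak IPv4-only shape that lets every IPv6 spelling of an internal host through. The function names (`isBlockedAddress`, `isBlockedIPv4Only`, `urlHostVerdict`) and the sample addresses are this example's own. It goes slightly beyond the categories the advisory names by also treating the unspecified address, multicast, the deprecated IPv4-compatible form (::/96) and 6to4 (2002::/16), which embed an IPv4 address the same way IPv4-mapped and NAT64 addresses do.

```javascript
'use strict';

// Dotted-quad IPv4 -> [a, b, c, d], or null. Leading zeros are rejected
// because some stacks read "010" as octal.
function parseIPv4(s) {
  if (!/^(?:0|[1-9]\d{0,2})(?:\.(?:0|[1-9]\d{0,2})){3}$/.test(s)) return null;
  const b = s.split('.').map(Number);
  return b.every((x) => x <= 255) ? b : null;
}

// IPv6 literal -> 16 bytes, or null. Accepts '::' compression, a zone id
// suffix (fe80::1%eth0) and a dotted-quad tail (::ffff:127.0.0.1).
function parseIPv6(s) {
  let str = s.split('%')[0];
  const lastColon = str.lastIndexOf(':');
  if (lastColon === -1) return null;
  if (str.indexOf('.', lastColon) !== -1) {
    // Rewrite the dotted tail as two hex groups so one code path handles both spellings.
    const v4 = parseIPv4(str.slice(lastColon + 1));
    if (!v4) return null;
    const hi = ((v4[0] << 8) | v4[1]).toString(16);
    const lo = ((v4[2] << 8) | v4[3]).toString(16);
    str = `${str.slice(0, lastColon + 1)}${hi}:${lo}`;
  }
  const halves = str.split('::');
  if (halves.length > 2) return null;
  const groups = (h) =>
    h === '' ? [] : h.split(':').map((g) => (/^[0-9a-f]{1,4}$/i.test(g) ? parseInt(g, 16) : NaN));
  const head = groups(halves[0]);
  const tail = halves.length === 2 ? groups(halves[1]) : [];
  if (head.concat(tail).some(Number.isNaN)) return null;
  let words;
  if (halves.length === 2) {
    const fill = 8 - head.length - tail.length; // '::' must stand for at least one group
    if (fill < 1) return null;
    words = head.concat(new Array(fill).fill(0), tail);
  } else {
    if (head.length !== 8) return null;
    words = head;
  }
  return words.flatMap((w) => [w >> 8, w & 0xff]);
}

// IPv4 ranges an SSRF filter must treat as internal.
function ipv4IsInternal([a, b]) {
  return (
    a === 0 ||                            // 0.0.0.0/8 ("this host" on Linux)
    a === 10 ||                           // 10.0.0.0/8
    a === 127 ||                          // 127.0.0.0/8 loopback
    (a === 100 && b >= 64 && b <= 127) || // 100.64.0.0/10 CGNAT
    (a === 169 && b === 254) ||           // 169.254.0.0/16 link-local; IMDS lives here
    (a === 172 && b >= 16 && b <= 31) ||  // 172.16.0.0/12
    (a === 192 && b === 168) ||           // 192.168.0.0/16
    a >= 224                              // multicast, reserved, broadcast
  );
}

// Classify a 16-byte IPv6 address. Forms that embed an IPv4 address are judged
// by that embedded address, which is exactly where IPv4-only filters go blind.
function classifyIPv6(b) {
  const zeroPrefix = (n) => b.slice(0, n).every((x) => x === 0);
  const embedded = (offset, label) =>
    `${label}-${ipv4IsInternal(b.slice(offset, offset + 4)) ? 'internal' : 'public'}`;
  if (zeroPrefix(16)) return 'unspecified';                                                // ::
  if (zeroPrefix(15) && b[15] === 1) return 'loopback';                                    // ::1
  if (zeroPrefix(10) && b[10] === 0xff && b[11] === 0xff) return embedded(12, 'ipv4-mapped'); // ::ffff:0:0/96
  if (zeroPrefix(12)) return embedded(12, 'ipv4-compatible');                              // ::/96 (deprecated)
  if (b[0] === 0x00 && b[1] === 0x64 && b[2] === 0xff && b[3] === 0x9b &&
      b.slice(4, 12).every((x) => x === 0)) return embedded(12, 'nat64');                  // 64:ff9b::/96 well-known NAT64 prefix
  if (b[0] === 0x20 && b[1] === 0x02) return embedded(2, '6to4');                          // 2002::/16
  if ((b[0] & 0xfe) === 0xfc) return 'unique-local';                                       // fc00::/7
  if (b[0] === 0xfe && (b[1] & 0xc0) === 0x80) return 'link-local';                        // fe80::/10
  if (b[0] === 0xff) return 'multicast';                                                   // ff00::/8
  return 'global';
}

const BLOCKED = new Set([
  'unspecified', 'loopback', 'unique-local', 'link-local', 'multicast',
  'ipv4-mapped-internal', 'ipv4-compatible-internal', 'nat64-internal', '6to4-internal',
]);

// Hardened check: both families are parsed and classified; anything unparsable fails closed.
function isBlockedAddress(addr) {
  const v4 = parseIPv4(addr);
  if (v4) return ipv4IsInternal(v4);
  const v6 = parseIPv6(addr);
  if (!v6) return true;
  return BLOCKED.has(classifyIPv6(v6));
}

// The weak shape behind this class of bug: only dotted-quad literals are inspected,
// so every IPv6 spelling of an internal host is allowed through.
function isBlockedIPv4Only(addr) {
  const v4 = parseIPv4(addr);
  return v4 ? ipv4IsInternal(v4) : false;
}

// Verdict for a URL's host. IP literals are decided here; hostnames must be resolved
// (A and AAAA) and every returned address passed to isBlockedAddress before connecting.
function urlHostVerdict(urlString) {
  let host = new URL(urlString).hostname;
  if (host.startsWith('[') && host.endsWith(']')) host = host.slice(1, -1);
  if (parseIPv4(host) || host.includes(':')) return isBlockedAddress(host) ? 'blocked' : 'allowed';
  return 'resolve-and-recheck';
}

// Constructed sample targets, modelled on the categories in the advisory.
const SAMPLES = ['::1', '::ffff:127.0.0.1', '::ffff:169.254.169.254', 'fd12:3456::1',
  'fe80::1%eth0', '64:ff9b::10.0.0.1', '64:ff9b::93.184.216.34', '2001:db8::1'];
for (const a of SAMPLES) {
  console.log(`${a.padEnd(24)} ipv4-only blocks: ${isBlockedIPv4Only(a)}  hardened blocks: ${isBlockedAddress(a)}`);
}
```

The check is only meaningful if it runs on what the socket will actually connect to: resolve hostnames yourself, classify every A and AAAA answer, and connect to that address rather than re-resolving, or DNS rebinding reintroduces the bypass. Parsing the URL with the WHATWG `URL` class first also collapses alternative IPv4 spellings such as `0x7f000001` and `2130706433` to dotted-quad form. Two caveats: Node's `net.isIP('::ffff:127.0.0.1')` returns 6, so a filter that only inspects addresses for which `net.isIP` returns 4 never sees the embedded IPv4 address; and the NAT64 branch covers only the well-known prefix 64:ff9b::/96, so a network-specific NAT64 prefix has to be added from local configuration.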
CVE-2026-5987 LOW Monitor

Improper neutralization of special elements in FreeMarker template processing within Sanluan PublicCMS up to version 6.202506.d allows high-privileged remote attackers to cause information disclosure through manipulation of the AbstractFreemarkerView.doRender function. The vulnerability has a CVSS score of 5.1 with publicly available exploit code, though exploitation requires administrative privileges (PR:H). CISA KEV status not confirmed; however, the disclosure of exploit code and vendor non-response indicate moderate real-world risk despite the high privilege requirement.

Tags: Java, Information Disclosure
Sources: NVD, GitHub, VulDB
CVSS 4.0: 2.0 | EPSS: 0.0%
CVE-2026-3725 LOW Monitor

SmartAdmin versions up to 3.29 contain a template injection vulnerability in the FreeMarker template handler that allows authenticated remote attackers to manipulate template content and achieve code execution. The flaw exists in the MailService component's freemarkerResolverContent function and has a public exploit available. Since no patch is available and the vendor has not responded, organizations using affected versions should immediately assess exposure and consider alternative solutions.

Tags: Java, Information Disclosure
Sources: NVD, VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2026-3714 MEDIUM This Month

OpenCart 4.0.2.3 contains an incomplete fix for a template injection vulnerability in the admin template controller that allows high-privileged attackers to inject malicious code through improper neutralization of special template elements. An authenticated administrator can exploit this flaw to achieve arbitrary code execution on the affected system. No patch is currently available, and the vendor has not responded to disclosure attempts.

Tags: PHP, Opencart
Sources: NVD, VulDB
CVSS 3.1: 4.7 | EPSS: 0.0%
CVE-2026-2969 PyPI LOW POC Monitor

Improper input sanitization in Datapizza AI 0.0.2's Jinja2 template handler allows remote attackers with high privileges to inject malicious template syntax through the ChatPromptTemplate function, potentially enabling code execution or information disclosure. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Tags: Information Disclosure
Sources: NVD, GitHub, VulDB
CVSS 4.0: 2.0 | EPSS: 0.1%
CVE-2025-14731 LOW POC Monitor

Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.

Tags: PHP, Information Disclosure, Ctcms
Sources: NVD, VulDB
CVSS 4.0: 2.1 | EPSS: 0.1%
CVE-2025-9094 LOW Monitor

ThingsBoard 4.1 contains a vulnerability rated medium severity (CVSS 5.3); it is remotely exploitable with low attack complexity. No vendor patch is available.

Tags: Information Disclosure
Sources: NVD, VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-6761 MEDIUM This Month

A high-severity vulnerability (CVSS 7.3) requiring prompt remediation.

Tags: Information Disclosure
Sources: NVD, VulDB
CVSS 4.0: 5.5 | EPSS: 0.1%
CVE-2025-6518 PyPI LOW Monitor

PySpur-Dev pyspur contains a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Tags: Information Disclosure
Sources: NVD, GitHub, VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-2336 npm MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.8). Remediation should follow standard vulnerability management procedures.

Tags: Authentication Bypass, Debian, Ubuntu
Sources: NVD, HeroDevs, GitHub
CVSS 3.1: 4.8 | EPSS: 0.1%