CVE-2026-55760
Description détaillée
Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template names derived from URL path parameters, request parameters, or other user-controlled sources. This issue is fixed in version 4.5.2.
Vecteur d'attaque (CVSS)
Dernières Vulnérabilités
CVE-2026-5923
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage.
CVE-2026-5922
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.
CVE-2026-55878
Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative() accepts paths like ../../../etc, a crafted or compromised kit can write attacker-controlled content to arbitrary locations or read local files outside the recipe directory. This issue is fixed in versions 2.36.1 and 3.2.0.
