12 matches found
CVE-2026-22244 OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE
OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...
Apache StreamPark: FreeMarker SSTI RCE Vulnerability
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...
CVE-2024-29178 Apache StreamPark: FreeMarker SSTI RCE Vulnerability
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...
GHSA-2JV3-V37P-65W3 CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
Design/Logic Flaw
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
CVE-2022-40634
CVE-2022-40634 affects Crafter CMS Crafter Studio. The vulnerability arises from improper control of dynamically-managed code resources, enabling Server-Side Template Injection via FreeMarker (SSTI). Exploitation requires authenticated user credentials and can lead to OS command execution, as des...
CVE-2022-40634 Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
EUVD-2022-6664
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...
Exploit for Code Injection in Vmware Identity_Manager
CVE-2022-22954 CVE-2022-22954 VMware Workspace ONE Access free...