406 matches found
CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...
CVE-2025-53909
CVE-2025-53909 affects mailcow: dockerized. A Server-Side Template Injection (SSTI) exists in the quota/quarantine notification template rendering system, allowing template expressions to be abused to execute code in certain contexts. The issue requires admin-level access to configure templates, ...
CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...
PT-2025-29910 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2025-07 Description: A Server-Side Template Injection SSTI vulnerability exists in the notification template system used for sending quota and quarantine alerts. The template rendering engine allows...
CVE-2024-32404
Server-Side Template Injection SSTI vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature...
CVE-2023-41544
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component...
CVE-2021-43097
A Server-side Template Injection SSTI vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code...
CVE-2021-44978
iCMS = 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution...
CVE-2025-46731
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...
CVE-2025-46731
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
Craft CMS contains a potential remote code execution vulnerability via Twig SSTI. You must have administrator access and ALLOWADMINCHANGES must be enabled for this to work. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-production Note: This is a follow-up to...
GHSA-7C58-G782-9J38 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
Craft CMS contains a potential remote code execution vulnerability via Twig SSTI. You must have administrator access and ALLOWADMINCHANGES must be enabled for this to work. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-production Note: This is a follow-up to...
CVE-2025-46731
CVE-2025-46731 affects Craft CMS on the 4.x line prior to 4.14.13 and the 5.x line prior to 5.6.16, with a remote code execution vulnerability exploitable via Twig SSTI. An attacker must have administrator access and ALLOW_ADMIN_CHANGES enabled for exploitation. Remediation is to upgrade to patch...
CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...
CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...
CVE-2025-25362
A Server-Side Template Injection SSTI vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field...
CVE-2025-25362
A Server-Side Template Injection SSTI vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field...
CVE-2024-57177
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...
CVE-2024-57177
The affected software is perfood/couch-auth (NPM). The vulnerability is a host header injection in the email change confirmation flow for versions
CVE-2024-28118
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages ca...