Lucene search
K

406 matches found

Vulnrichment
Vulnrichment
added 2025/07/17 1:47 p.m.8 views

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

9.1CVSS7.7AI score0.00464EPSS
Exploits0References2
CVE
CVE
added 2025/07/17 1:47 p.m.31 views

CVE-2025-53909

CVE-2025-53909 affects mailcow: dockerized. A Server-Side Template Injection (SSTI) exists in the quota/quarantine notification template rendering system, allowing template expressions to be abused to execute code in certain contexts. The issue requires admin-level access to configure templates, ...

9.1CVSS7.1AI score0.00464EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/17 1:47 p.m.16 views

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

9.1CVSS0.00464EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.7 views

PT-2025-29910 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2025-07 Description: A Server-Side Template Injection SSTI vulnerability exists in the notification template system used for sending quota and quarantine alerts. The template rendering engine allows...

9.1CVSS7AI score0.00464EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.8 views

CVE-2024-32404

Server-Side Template Injection SSTI vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature...

6CVSS8.2AI score0.00797EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.8 views

CVE-2023-41544

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component...

9.8CVSS8.2AI score0.02657EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.7 views

CVE-2021-43097

A Server-side Template Injection SSTI vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code...

7.2CVSS7.8AI score0.02235EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:55 p.m.6 views

CVE-2021-44978

iCMS = 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution...

9.8CVSS7.5AI score0.02166EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/07 8:12 p.m.9 views

CVE-2025-46731

Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...

8.6CVSS7.8AI score0.01221EPSS
Exploits0References1
NVD
NVD
added 2025/05/05 8:15 p.m.31 views

CVE-2025-46731

Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...

8.6CVSS0.01221EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/05 7:35 p.m.22 views

Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

Craft CMS contains a potential remote code execution vulnerability via Twig SSTI. You must have administrator access and ALLOWADMINCHANGES must be enabled for this to work. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-production Note: This is a follow-up to...

8.6CVSS7.8AI score0.01221EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/05/05 7:35 p.m.15 views

GHSA-7C58-G782-9J38 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

Craft CMS contains a potential remote code execution vulnerability via Twig SSTI. You must have administrator access and ALLOWADMINCHANGES must be enabled for this to work. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-production Note: This is a follow-up to...

8.6CVSS7.8AI score0.01221EPSS
Exploits0References6
CVE
CVE
added 2025/05/05 7:35 p.m.65 views

CVE-2025-46731

CVE-2025-46731 affects Craft CMS on the 4.x line prior to 4.14.13 and the 5.x line prior to 5.6.16, with a remote code execution vulnerability exploitable via Twig SSTI. An attacker must have administrator access and ALLOW_ADMIN_CHANGES enabled for exploitation. Remediation is to upgrade to patch...

8.6CVSS7.5AI score0.01221EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/05 7:35 p.m.26 views

CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...

8.6CVSS0.01221EPSS
Exploits0References4
OSV
OSV
added 2025/05/05 7:35 p.m.5 views

CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...

8.6CVSS7.7AI score0.01221EPSS
Exploits0References6
NVD
NVD
added 2025/03/05 9:15 p.m.4 views

CVE-2025-25362

A Server-Side Template Injection SSTI vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field...

9.8CVSS0.00728EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/05 12:0 a.m.12 views

CVE-2025-25362

A Server-Side Template Injection SSTI vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field...

0.00728EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/10 12:0 a.m.4 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

7.2AI score0.00306EPSS
Exploits0References2
CVE
CVE
added 2025/02/10 12:0 a.m.43 views

CVE-2024-57177

The affected software is perfood/couch-auth (NPM). The vulnerability is a host header injection in the email change confirmation flow for versions

7.3CVSS7.2AI score0.00306EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:58 a.m.7 views

CVE-2024-28118

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages ca...

8.8CVSS7.8AI score0.0122EPSS
Exploits1References1
Rows per page
Query Builder