280 matches found
EUVD-2024-55329
FoF Pretty Mail has a server-side template injection vulnerability...
EUVD-2024-55338
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...
CVE-2024-58293 Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...
Pretty Mail by FriendsOfFlarum 安全漏洞
Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from a server-side template injection in an email template that could...
CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...
CVE-2025-12844
CVE-2025-12844 affects the WordPress plugin AI Engine (versions up to and including 3.1.8). It describes a PHP Object Injection via PHAR Deserialization in rest_simpleTranscribeAudio and rest_simpleVisionQuery. Impact is limited unless a PHP Object Injection (POP) chain exists in another plugin/t...
WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Valentinos Chouris in WordPress Plugin Ajax Search Lite versions = 4.13.3...
CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description
Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...
Webkul Software Bagisto 安全漏洞
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the server-side template engine processing uncleaned user input, and could lead to server-side template injection...
EUVD-2018-3105
Malware in sbrugna...
EUVD-2021-1411
Malware in sbrugna...
EUVD-2020-28245
Malware in sbrugna...
EUVD-2021-32425
Malicious code in bioql PyPI...
EUVD-2021-32424
Malicious code in bioql PyPI...
EUVD-2024-52978
Malicious code in bioql PyPI...
EUVD-2024-28293
Malicious code in bioql PyPI...
EUVD-2025-29045
Malicious code in bioql PyPI...
EUVD-2021-32423
Malicious code in bioql PyPI...
EUVD-2022-7032
Malicious code in bioql PyPI...
EUVD-2021-32427
Malicious code in bioql PyPI...