1044 matches found
CVE-2026-28228
OpenOLAT SAS/Velocity SSTI vulnerability (CVE-2026-28228) allows an authenticated author to inject Velocity directives into a reminder email; when processed, directives are evaluated server-side via Velocity #set chained with Java reflection, enabling arbitrary Java class execution (e.g., Process...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
tudo-exploits-oswe-prep
tudo-exploits-oswe-prep A project contains all exploits of vul...
PT-2026-29130
Name of the Vulnerable Software and Affected Versions Contact Form by Supsystic plugin for WordPress versions up to and including 1.7.36 Description The Contact Form by Supsystic plugin for WordPress is susceptible to Server-Side Template Injection SSTI, which can lead to Remote Code Execution RC...
CVE-2026-33130
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33154
A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection SSTI vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...
CVE-2026-33154
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...
DEBIAN-CVE-2026-33154
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...
CVE-2026-33154
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...
CVE-2026-33154
CVE-2026-33154 – Dynaconf SSTI (Jinja) vulnerability : Dynaconf for Python is vulnerable before version 3.2.13 due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is present. This can allow Server-Side Template Injection in configuration values. The issue is fixed in ...
CVE-2026-33154
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33130
Uptime Kuma (versions 1.23.0–2.2.0) is affected by a server-side template injection (SSTI) in notification templates due to an incomplete fix for GHSA-vffh-c9pq-4crh. The Liquid engine mitigations added to limit path resolution (root, relativeReference, dynamicPartials) only block quoted paths; i...
CVE-2026-33130
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
PT-2026-26603
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
PT-2026-26201
Name of the Vulnerable Software and Affected Versions dynaconf versions prior to 3.2.13 Description dynaconf is susceptible to Server-Side Template Injection SSTI due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...
CVE-2026-31864 JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
CVE-2026-31864
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
CVE-2026-31864
JumpServer is affected by a Server-Side Template Injection (SSTI) in the Applet and VirtualApp upload flow. The manifest.yml is rendered with Jinja2 without sandboxing when processing user-uploaded ZIP packages, allowing template injection. Exploitation requires administrative privileges (Applica...