Lucene search
K

2496 matches found

Nuclei
Nuclei
added 19 hours ago454 views

JeecgBoot JimuReport - Template injection

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed t...

9.8CVSS6.2AI score0.11407EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago266 views

Node.js Embedded JavaScript 3.1.6 - Template Injection

Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settingsview optionsoutputFunctionName, which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. id:...

9.8CVSS6.8AI score0.32386EPSS
Exploits5References5
Nuclei
Nuclei
added 19 hours ago16 views

PHPCMS 2008 - Remote Code Execution via Template Injection

PHPCMS 2008 suffers from an unauthenticated RCE via template injection in type.php, where attacker-supplied content is written into a PHP template cache file, which is then executable. id: CVE-2018-19127 info: name: PHPCMS 2008 - Remote Code Execution via Template Injection author: tomaquet18...

9.8CVSS7.2AI score0.20766EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago65 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.1AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago16 views

XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)

XWiki = 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki = 17.3.0 -...

8.8CVSS7.4AI score0.03366EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago223 views

OpenAM<=15.0.3 FreeMarker - Template Injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input id: CVE-2024-41667 info: name: OpenAM=15.0.3 FreeMarker - Template Injection...

8.8CVSS7.2AI score0.03536EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday27 views

CVE-2026-60120 Bagisto < 2.4.4 Stored XSS via CSTI in create.blade.php

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago209 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Nuclei
Nuclei
added 3 days ago157 views

Invision Community <=5.0.6 Unauthenticated RCE via Template Injection

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by unauthenticated...

10CVSS7.9AI score0.84803EPSS
Exploits6References5
Github Security Blog
Github Security Blog
added 2026/07/01 5:56 p.m.6 views

GeoNetwork has reflected XSS through client-side template injection

Summary It is possible to craft a URL that causes GeoNetwork to reflect attacker-controlled content into an error page in a way that gets evaluated as a client-side template expression. Combined with known AngularJS sandbox-escape techniques, this can be used to execute arbitrary JavaScript in th...

6.2AI score
Exploits0References2Affected Software1
Nuclei
Nuclei
added 2026/07/01 11:28 a.m.11 views

FOSSBilling - Server-Side Template Injection

A Server-Side Template Injection SSTI vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint can inject arbitrary Twig...

9.4CVSS6.2AI score0.01892EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.9CVSS6.6AI score0.0068EPSS
Exploits5References13
NVD
NVD
added 2026/06/30 11:17 p.m.9 views

CVE-2026-56700

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

9.8CVSS0.01683EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.17 views

CVE-2026-56700

Grav CMS (before 2.0.0-beta.2) contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session deserialize untrusted data, enabling PHP object injection and, via a gadget chain, arbitrary code execution when ...

9.8CVSS6.4AI score0.01683EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-54048

Name of the Vulnerable Software and Affected Versions Grav CMS versions prior to 2.0.0-beta.2 Description Multiple issues allow for code execution. Three unsafe unserialize calls within SchedulerJobQueue, FrameworkCacheAdapterFileCache, and Session deserialize untrusted data without restricting...

9.8CVSS6.5AI score0.01683EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 4:2 p.m.19 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-392 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...

9.6CVSS7.8AI score0.2842EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-492 pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References5
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pyLoad allows upload to arbitrary folder lead to RCE

SummaryAn authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Detailsexample version: 0.5file:src/pyload/webui/app/blueprints/[email protected]"/render/", endpoint="render"def renderfilename: mimetype =...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-387 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.7AI score0.01256EPSS
Exploits1References9
Rows per page
Query Builder