6 matches found
CVE-2026-9558
A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...
CVE-2026-9558
A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...
CVE-2026-9558
A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...
PT-2026-44802
A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...
WP eCommerce <= 3.11.3 - SQL Injection in sessionid
From vendor: "This vulnerability only affects users who use eWay as their payment gateway, have Gold Cart activated, and are using the as-of-yet-unreleased Theme Engine 2.0. We believe the number of users affected is likely close to zero, due to these conditions – but still, we highly recommend...
PT-2011-1768 · Gtk+ Team · Gtk+
Name of the Vulnerable Software and Affected Versions: GTK+ versions prior to 2.24.0 Description: The issue is related to an untrusted search path vulnerability in the modules/engines/ms-windows/xp theme.c module. This allows local users to gain privileges via a Trojan horse uxtheme.dll file in t...