Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.3 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:31 p.m.1 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/30 8:31 p.m.2 views

CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 8:31 p.m.2 views

EUVD-2026-17201

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 8:31 p.m.20 views

CVE-2026-28228

OpenOLAT SAS/Velocity SSTI vulnerability (CVE-2026-28228) allows an authenticated author to inject Velocity directives into a reminder email; when processed, directives are evaluated server-side via Velocity #set chained with Java reflection, enabling arbitrary Java class execution (e.g., Process...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/30 8:31 p.m.4 views

CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS6AI score0.00414EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2017/04/03 12:0 a.m.83 views

BlueCoat CAS 1.3.7.1 Privilege Escalation

Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS 1.3 prior to 1.3.7.4 ...

0.6AI score0.10126EPSS
Exploits8
Rows per page
Query Builder