74 matches found
EUVD-2026-32007
Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Apache Velocity
Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java...
Server-Side Template Injection (SSTI)
OpenMRS is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-controlled input in Velocity templates within ConceptReferenceRange, which allows an attacker to inject template expressions and execute arbitrary code...
CVE-2026-41258
OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...
CVE-2026-41258
OpenMRS Core prior to 2.7.9 and 2.8.6 is vulnerable to stored Velocity SSTI that leads to RCE. The issue occurs when evaluateCriteria() processes database-stored criteria as Velocity templates without sandboxing, with VelocityEngine initialized for logging only and no Secure Uberspector, allowing...
CVE-2026-41258
OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...
CVE-2026-41258 OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange
OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...
OpenMRS 代码注入漏洞
OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...
GHSA-XJ4F-8JJG-VX4Q OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...
OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...
CVE-2026-28228
OpenOLAT SAS/Velocity SSTI vulnerability (CVE-2026-28228) allows an authenticated author to inject Velocity directives into a reminder email; when processed, directives are evaluated server-side via Velocity #set chained with Java reflection, enabling arbitrary Java class execution (e.g., Process...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
EUVD-2020-6329
Malware in sbrugna...
EUVD-2025-25310
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account...
Linux Distros Unpatched Vulnerability : CVE-2019-17558
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through...
Improper Neutralization of Special Elements Used in a Template Engine
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via improper handling of dynamic template rendering in the HTTP Meta Info field of the Global Preferences Presentation section. An attacker can execute arbitrary...
CVE-2025-51991
Summary of CVE-2025-51991 (XWiki SSTI) : XWiki up to version 17.3.0 is vulnerable to a Server-Side Template Injection (SSTI) in the Administration interface, specifically the HTTP Meta Info field of Global Preferences Presentation. The root cause is improper handling/validation of Apache Velocity...
CVE-2022-24881
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...