2 matches found
CVE-2026-22244 OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE
OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection SSTI in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...
CVE-2025-64187 OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...