Kimai has an Authenticated Server-Side Template Injection (SSTI)

Kimai 2.45.0 - Authenticated Server-Side Template Injection SSTI Vulnerability Summary | Field | Value | |-------|-------| | Title | Authenticated SSTI via Permissive Export Template Sandbox || Attack Vector | Network | | Attack Complexity | Low | | Privileges Required | High Admin with export...

Metasploit Wrap-Up 10/17/2025

New module content 1 Remote Code Execution Vulnerability in MotionEye Frontend CVE-2025-60787 Authors: Maksim Rogov and prabhatverma47 Type: Exploit Pull request: 20585 contributed by vognik Path: linux/http/motioneyeauthrcecve202560787 AttackerKB reference: CVE-2025-60787 Description: Adds a...