
10 matches found

Vulnrichment
added 2026/02/25 2:48 a.m. | 3 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVSS 5.9 | AI score 6 | EPSS 0.00131
Exploits 0 | References 1

Cvelist
added 2026/02/25 2:48 a.m. | 23 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVSS 5.9 | EPSS 0.00131
Exploits 0 | References 1

CVE
added 2026/02/25 2:48 a.m. | 5 views

CVE-2026-27629

InvenTree prior to v1.2.3 is affected by a server-side template vulnerability in batch code generation. A staff user can modify the customizable Jinja2 template used during batch code creation via the API; if another user triggers the API call, the template executes in their user context, potenti...

CVSS 8.8 | AI score 6 | EPSS 0.00131
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/02/25 2:48 a.m. | 4 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVSS 5.9 | AI score 6.1 | EPSS 0.00131
Exploits 0 | References 3

RedhatCVE
added 2025/05/22 7:45 p.m. | 8 views

CVE-2021-32649

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...

CVSS 8.8 | AI score 7.1 | EPSS 0.005
Exploits 0

OSV
added 2024/07/17 7:32 p.m. | 26 views

GHSA-C3Q9-C27P-CW9H projectdiscovery/nuclei allows unsigned code template execution through workflows

Summary Find a way to execute code template without -code option and signature. Details write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...

CVSS 8.8 | AI score 7.6 | EPSS 0.00048
Exploits 0 | References 3

OSV
added 2024/07/17 5:34 p.m. | 2 views

CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei

Nuclei is a fast and customizable vulnerability scanner based on a simple YAML-based DSL. In affected versions, a way to execute code templates without the -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...

CVSS 7.4 | AI score 7.7 | EPSS 0.00048
Exploits 0 | References 3

Kitploit
added 2018/09/08 1:20 p.m. | 239 views

PEDA - Python Exploit Development Assistance For GDB

PEDA - Python Exploit Development Assistance for GDB. Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development (for a full list of commands use peda help): aslr --...

AI score 7.5
Exploits 0 | References 1

Vulnerability Lab
added 2016/05/25 12:0 a.m. | 23 views

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

Document Title: Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1852. Release Date: 2016-05-25. Vulnerability Laboratory ID (VL-ID): 18...

AI score 7.1
Exploits 0

0day.today
added 2010/03/22 12:0 a.m. | 8 views

NotSopureEdit <= 1.4.1 Remote File Include Vulnerability

Exploit for unknown platform in category web applications. NotSopureEdit. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm...

AI score 7.1
Exploits 0