Lucene search
+L

12 matches found

Cvelist
Cvelist
added 2026/01/08 3:12 p.m.40 views

CVE-2026-22244 OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection SSTI in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

9.4CVSS0.0076EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/07/18 12:30 p.m.13 views

Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

8.8CVSS7.5AI score0.01239EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/18 11:15 a.m.24 views

CVE-2024-29178 Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

7.7AI score0.01239EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/09/14 12:0 a.m.41 views

CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

7.2CVSS7.1AI score0.0127EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/09/14 12:0 a.m.24 views

GHSA-2JV3-V37P-65W3 CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

7.2CVSS7.2AI score0.0127EPSS
Exploits1References3
NVD
NVD
added 2022/09/13 7:15 p.m.27 views

CVE-2022-40634

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

7.2CVSS0.0127EPSS
Exploits1References1
OSV
OSV
added 2022/09/13 7:15 p.m.17 views

CVE-2022-40634

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

7.2CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2022/09/13 7:15 p.m.16 views

Design/Logic Flaw

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

5.8CVSS7.1AI score0.0127EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/09/13 6:25 p.m.73 views

CVE-2022-40634

CVE-2022-40634 affects Crafter CMS Crafter Studio. The vulnerability arises from improper control of dynamically-managed code resources, enabling Server-Side Template Injection via FreeMarker (SSTI). Exploitation requires authenticated user credentials and can lead to OS command execution, as des...

7.2CVSS6.8AI score0.0127EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2022/09/13 6:25 p.m.6 views

EUVD-2022-6664

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

7.2CVSS7.2AI score0.0127EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/09/13 6:25 p.m.34 views

CVE-2022-40634 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

6.4CVSS7.4AI score0.0127EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2022/04/15 7:26 p.m.520 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 CVE-2022-22954 VMware Workspace ONE Access free...

10CVSS10AI score0.99997EPSS
Exploits25
Rows per page
Query Builder