Lucene search
+L

1286 matches found

nuclei
nuclei
added yesterday13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.2AI score0.03464EPSS
Exploits1References4
nessus
nessus
added 2026/07/10 12:0 a.m.5 views

Jinja2 < 3.1.6 Sandbox Bypass (CVE-2025-27516)

The version of Jinja2 installed on the remote host is prior to 3.1.6. It is, therefore, affected by a sandbox bypass vulnerability: - An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary...

8.8CVSS7.2AI score0.00476EPSS
Exploits0References2
osv
osv
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1471 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method

An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends o...

5.4CVSS7.3AI score0.00476EPSS
Exploits0References8
osv
osv
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1447 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE

Impact Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. Patches The problem has been fix...

7.7CVSS6.1AI score0.01171EPSS
Exploits0References10
redhat
redhat
added 2026/07/01 11:9 a.m.6 views

dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection

A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection SSTI vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...

8.1CVSS6.5AI score0.00526EPSS
Exploits1References7
nvd
nvd
added 2026/06/24 9:16 p.m.9 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/24 8:52 p.m.4 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.15 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
osv
osv
added 2026/06/05 5:40 a.m.9 views

BIT-AIRFLOW-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.6AI score0.00369EPSS
Exploits0References3
osv
osv
added 2026/06/03 9:36 p.m.9 views

GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score0.0086EPSS
Exploits0References2
github
github
added 2026/06/03 9:36 p.m.13 views

Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score0.0086EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/03 2:52 p.m.8 views

ROOT-APP-PYPI-CVE-2024-56201 CVE-2024-56201 in rootio-Jinja2 - Patched by Root

Root has patched CVE-2024-56201 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...

8.8CVSS7.3AI score0.00301EPSS
Exploits0
osv
osv
added 2026/06/03 2:52 p.m.6 views

ROOT-APP-PYPI-CVE-2024-56326 CVE-2024-56326 in rootio-Jinja2 - Patched by Root

Root has patched CVE-2024-56326 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...

7.8CVSS5.4AI score0.005EPSS
Exploits0
osv
osv
added 2026/06/03 2:52 p.m.8 views

ROOT-APP-PYPI-CVE-2025-27516 CVE-2025-27516 in rootio-Jinja2 - Patched by Root

Root has patched CVE-2025-27516 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...

8.8CVSS7.7AI score0.00476EPSS
Exploits0
osv
osv
added 2026/06/03 2:52 p.m.7 views

ROOT-APP-PYPI-CVE-2024-34064 CVE-2024-34064 in rootio-Jinja2 - Patched by Root

Root has patched CVE-2024-34064 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...

5.4CVSS7.6AI score0.00979EPSS
Exploits0
osv
osv
added 2026/06/03 2:52 p.m.9 views

ROOT-APP-PYPI-CVE-2024-22195 CVE-2024-22195 in rootio-Jinja2 - Patched by Root

Root has patched CVE-2024-22195 in the rootio-Jinja2 package for Root:PyPI. Multiple fixed versions available...

5.4CVSS8.3AI score0.00892EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/02 4:2 a.m.15 views

CVE-2026-45312

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/01 7:51 a.m.9 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

5.8AI score0.00369EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/01 7:51 a.m.41 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

0.00369EPSS
Exploits0References2
osv
osv
added 2026/06/01 7:51 a.m.3 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS6AI score0.00369EPSS
Exploits0References5
Rows per page
Query Builder