12 matches found

Github Security Blog
added 2026/04/23 9:24 p.m.

Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering

TL;DR This vulnerability affects all Kirby sites that use option fields (checkboxes, color, multiselect, select, radio, tags or toggles) with options from a query or API whose values may not be fully trusted. It also affects direct uses of the OptionsApi or OptionsQuery classes of Kirby's Options...

CVSS 8.1, AI score 6.4, EPSS 0.00033
Exploits 0, References 5, Affected software 1
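The Kirby entry above describes the bug class without showing it. The following is an added, self-contained illustration (not Kirby's code, and not Kirby's template syntax) of what "double template resolution" means for option rendering: a toy engine with a hypothetical `{{ dotted.path }}` placeholder syntax first renders an option-label template against each item, then, in the vulnerable variant, renders the resulting label string a second time against the full site context. Because the item data comes from an untrusted query or API, an item whose title itself contains template syntax is evaluated on the second pass and leaks a context value it was never meant to reach. The item list, the context and the `api_key` value are all constructed sample data.

```python
"""Toy model of a double-template-resolution bug in option-field rendering.

Added example: this is NOT Kirby's code and the {{ dotted.path }} syntax is a
hypothetical stand-in for a real template language. It shows why rendering
template output a second time turns untrusted data into injectable templates.
"""
import re
from typing import Any

# Placeholder syntax of the toy engine: {{ some.dotted.path }}
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][\w.]*)\s*\}\}")


def lookup(path: str, ctx: dict[str, Any]) -> Any:
    """Resolve a dotted path such as 'item.title' against nested dicts/objects."""
    cur: Any = ctx
    for part in path.split("."):
        cur = cur[part] if isinstance(cur, dict) else getattr(cur, part)
    return cur


def render(template: str, ctx: dict[str, Any]) -> str:
    """Single-pass substitution: each placeholder is replaced exactly once.

    re.sub does not re-scan the replacement text, so data that happens to
    contain '{{ ... }}' comes out of this function as literal text.
    """
    return PLACEHOLDER.sub(lambda m: str(lookup(m.group(1), ctx)), template)


def render_options_vulnerable(text_tpl: str, items: list[dict], ctx: dict) -> list[str]:
    """Vulnerable pattern: the label produced by the first pass is rendered again.

    The second render treats untrusted item data as a template and resolves
    it against the full context (site config, secrets, ...).
    """
    labels = []
    for item in items:
        first_pass = render(text_tpl, {**ctx, "item": item})
        labels.append(render(first_pass, ctx))  # second resolution: the bug
    return labels


def render_options_fixed(text_tpl: str, items: list[dict], ctx: dict) -> list[str]:
    """Hardened pattern: render the configured template once, then treat the
    result as plain data. Template syntax inside item values stays literal."""
    return [render(text_tpl, {**ctx, "item": item}) for item in items]


# Constructed sample data. The second item plays the role of a value fetched
# from an untrusted query or API that an attacker could influence.
SAMPLE_CTX = {"site": {"title": "Example site", "api_key": "sk-constructed-0000"}}
SAMPLE_ITEMS = [
    {"title": "Red"},
    {"title": "{{ site.api_key }}"},
]
OPTION_TEXT_TEMPLATE = "{{ item.title }}"


def demo() -> dict[str, list[str]]:
    """Return the option labels produced by both variants for comparison."""
    return {
        "vulnerable": render_options_vulnerable(OPTION_TEXT_TEMPLATE, SAMPLE_ITEMS, SAMPLE_CTX),
        "fixed": render_options_fixed(OPTION_TEXT_TEMPLATE, SAMPLE_ITEMS, SAMPLE_CTX),
    }


if __name__ == "__main__":
    for variant, labels in demo().items():
        print(f"{variant:>10}: {labels}")
```

The check to carry over to a real engine is the same regardless of syntax: anything that came out of a template render, or out of an external data source, must never be passed back into the template engine as a template; pass it as a context variable instead. If a template string genuinely has to be built from data, escape the engine's delimiters in that data first.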
OSV
added 2026/02/06 9:16 p.m.

UBUNTU-CVE-2026-25731

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8, AI score 6.4, EPSS 0.00015
Exploits 2, References 4
EUVD
added 2026/02/06 8:14 p.m.

EUVD-2026-5573

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8, AI score 6.2, EPSS 0.00015
Exploits 2, References 2
OSV
added 2026/01/02 8:18 p.m.

CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, they can inject a value in the add-address step that is later rendered in the admin view. The issue can lead to remote code execution. Version...

CVSS 9.3, AI score 7.7, EPSS 0.00177
Exploits 1, References 3
RedhatCVE
added 2025/12/02 9:26 p.m.

CVE-2025-66298

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on a site can reveal the whole Grav configuration, including plugin configuration details, by using the correct POST payload to exploit a Server-Side Template Injection (SSTI) vulnerability. Sensitive information may be...

CVSS 8.7, AI score 6.4, EPSS 0.0007
Exploits 1, References 1
EUVD
added 2025/10/16 8:28 p.m.

EUVD-2025-34816

bagisto has Server-Side Template Injection (SSTI) in Product Description...

CVSS 5.1, AI score 6.7, EPSS 0.00258
Exploits 1, References 2
CVE
added 2025/09/19 12:00 a.m.

CVE-2025-54815

CVE-2025-54815 is a server-side template injection (SSTI) vulnerability in PPress 0.0.9 (beta). The affected component is the template rendering used by themes, with the underlying issue described as SSTI that enables arbitrary code execution. Public references within the provided documents confi...

CVSS 8.8, AI score 7.7, EPSS 0.00279
Exploits 3, References 2, Affected software 1
Vulnrichment
added 2025/09/12 1:45 p.m.

CVE-2025-9556

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...

AI score 6.8, EPSS 0.00115
Exploits 0, References 2
SUSE CVE
added 2023/02/15 3:45 a.m.

SUSE CVE-2021-25283

An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server-side template injection attacks...

CVSS 7.8, AI score 9.5, EPSS 0.10038
Exploits 0, References 32
GithubExploit
added 2022/07/20 10:10 a.m.

Exploit for Code Injection in Ejs

CVE-2022-29078 vuln ejs 3.1.6 docker Setup git clone h...

CVSS 9.8, AI score 6.7, EPSS 0.93462
Exploits 5
Gitee
added 2019/12/19 11:53 p.m.

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not specified, but the repository includes various vulnerable environments based on Docker-Compose, such as flask/ssti, httpd/apache_parsing_vulnerability, and nginx/nginx_parsing_vulnerability. The...

AI score 7.6
Exploits 0
Snyk
added 2014/06/07 9:00 p.m.

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. $parse allowed arbitrary code execution via Angular expressions under some very specific conditions. The only applications affected by these vulnerabilities are those that match all of the following conditions:...

CVSS 3.7, AI score 7.5
Exploits 0, References 2