30 matches found

NVD
added 2 days ago, 4 views

CVE-2019-25729

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

CVSS 9.8 | EPSS 0.00039
Exploits: 0 | References: 4
EUVD
added 4 days ago, 9 views

EUVD-2026-33902

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

CVSS 9.3 | AI score 6 | EPSS 0.00289
Exploits: 0 | References: 2
GithubExploit
added 2026/05/27 10:59 a.m., 54 views

Hunting-Bugs

2026 Practical Bug Bounty Guide Built on real-world experie...

AI score 5.8
Exploits: 0
Cvelist
added 2026/05/26 8:46 p.m., 28 views

CVE-2026-44209 Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...

CVSS 7.5 | EPSS 0.00166
Exploits: 0 | References: 2
Cvelist
added 2026/05/19 2:03 p.m., 33 views

CVE-2026-2587

A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...

CVSS 9.6 | EPSS 0.00146
Exploits: 2 | References: 1
GithubExploit
added 2026/05/12 4:27 p.m., 55 views

wafuzz

wafuzz — Web Pentesting Orchestrator Interactive CLI web secu...

AI score 6
Exploits: 0
Packet Storm
added 2026/05/05 12:00 a.m., 25 views

Xibo CMS SSTI / Remote Code Execution

Xibo CMS versions prior to 4.3.1 suffer from an authenticated remote code execution vulnerability via server-side template injection. Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/...

CVSS 7.2 | AI score 6.5 | EPSS 0.00509
Exploits: 2
VulnCheck KEV
added 2026/04/04 12:00 a.m., 23 views

VulnCheck KEV: CVE-2023-22621

Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...

CVSS 10 | AI score 7.6 | EPSS 0.91021
In the wild | Exploits: 2 | References: 2
EUVD
added 2026/03/20 9:50 a.m., 4 views

EUVD-2026-13670

Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Server-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...

CVSS 6.5 | AI score 5.7 | EPSS 0.00049
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/08 1:21 a.m., 3 views

CVE-2026-25731

A flaw was found in Calibre, an e-book manager. This Server-Side Template Injection SSTI vulnerability in Calibre's Templite templating engine allows an attacker to achieve arbitrary code execution. This occurs when a user converts an ebook using a specially crafted malicious custom template file...

CVSS 7.8 | AI score 6 | EPSS 0.00015
Exploits: 2 | References: 5
CNNVD
added 2026/01/23 12:00 a.m., 3 views

Dell Data Protection Advisor security vulnerabilities

Dell Data Protection Advisor is a reporting and analysis platform provided by the American company Dell. Versions of Dell Data Protection Advisor prior to 19.12 contained security vulnerabilities, which were caused by improper handling of special elements within the server template engine. These...

CVSS 6.5 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1
NVD
added 2025/12/01 9:15 p.m., 5 views

CVE-2025-66294

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection SSTI vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by...

CVSS 8.8 | EPSS 0.37646
Exploits: 4 | References: 2
Cvelist
added 2025/12/01 8:52 p.m., 5 views

CVE-2025-66294 Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection SSTI vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by...

CVSS 8.7 | EPSS 0.37646
Exploits: 4 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2021-8627

Malicious code in bioql PyPI...

CVSS 10 | AI score 9.1 | EPSS 0.00386
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 5:51 a.m., 1 view

CVE-2023-22621

Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...

CVSS 7.2 | AI score 7.9 | EPSS 0.91021
Exploits: 2 | References: 1
CNNVD
added 2024/03/12 12:00 a.m., 2 views

Peering Manager Security Vulnerability

Peering Manager is a BGP session management tool. A security vulnerability exists in Peering Manager 1.8.2 and prior versions that stems from the presence of a server template injection vulnerability. An attacker can exploit this vulnerability to execute remote code...

CVSS 9.1 | AI score 7.4 | EPSS 0.00398
Exploits: 1 | References: 7
CNNVD
added 2024/03/05 12:00 a.m., 3 views

CMS Made Simple Security Breach

CMS Made Simple CMSMS is an open source content management system CMS by the Cmsms team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version 2.2.1...

CVSS 5.9 | AI score 7.1 | EPSS 0.0008
Exploits: 2 | References: 2
CNNVD
added 2024/02/29 12:00 a.m., 1 view

livehelperchat Security Breach

livehelperchat is an open source application that provides free live support on a website through live helperchat. A security vulnerability exists in livehelperchat version 4.28v, which stems from the presence of a Server Template Injection SSTI vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.03183
Exploits: 0 | References: 3
ATTACKERKB
added 2023/11/01 12:15 a.m., 0 views

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

CVSS 5.4 | AI score 5.9 | EPSS 0.00054
Exploits: 1 | References: 2
OSV
added 2023/11/01 12:15 a.m., 1 view

CVE-2023-47097

A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...

CVSS 5.4 | AI score 5.9 | EPSS 0.00054
Exploits: 1 | References: 1