CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

CVE-2026-28496 FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

CVE-2026-54390

Technical details are not publicly available in the provided documents. Monitor for updates from the connected sources.

CVE-2026-9691

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

PT-2026-49386

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

CVE-2026-41901

Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous...

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

CVE-2019-25729

CVE-2019-25729 : PDF Signer 3.0 is affected by a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code via the CSRF-TOKEN cookie parameter. Attackers can craft cookie values containing template payloads (e.g., shell_exec()) to run system comm...

VulnCheck KEV: CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

CVE-2026-45312

RAGFlow (open-source RAG engine) is affected in 0.24.0 and earlier by a Jinja2 template injection in the prompt generator (rag/prompts/generator.py). This allows any authenticated user to execute arbitrary OS commands on the server via the SSTI chain, once a user registers and creates a Canvas wo...

CVE-2026-45312 RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...

PT-2026-44826

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.24.1 Description A Server-Side Template Injection SSTI exists in the prompt generator located in rag/prompts/generator.py. This issue allows authenticated users to execute arbitrary operating system commands on the...

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from server-side template injection in the theme engine. This vulnerability may...

PT-2026-44162

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

Supsystic Contact Form Wordpress Plugin SSTI RCE

This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...

WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SeaFood Company versions = 1.4...

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

CVE-2026-41901

Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous...