486 matches found

Nuclei
added 2026/06/04 3:48 a.m., 39 views

playSMS <1.4.3 - Remote Code Execution

PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. id: CVE-2020-8644 info: name: playSMS 1.4.3 - Remote Code Execution author: dbrwsky severity: critical description: PlaySMS before version 1.4.3 is susceptible to remote code...

CVSS 9.8, AI score 7.9, EPSS 0.94062
Exploits: 6, References: 5

Nuclei
added 2026/06/01 5:38 a.m., 65 views

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

CVSS 8.8, AI score 7.9, EPSS 0.93976
Exploits: 6, References: 3

NVD
added 2026/04/17 10:16 p.m., 2 views

CVE-2026-40477

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...

CVSS 9, EPSS 0.00055
Exploits: 0, References: 1

Nuclei
added 2026/02/04 7:0 a.m., 33 views

Nuxeo <10.3 - Remote Code Execution

Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. id: CVE-2018-16341 info: name: Nuxeo 10.3 - Remote Code Execution author: madrobot severity: high description: | Nuxeo prior to version 10.3 is susceptible to a...

CVSS 7.5, AI score 8.2, EPSS 0.82406
Exploits: 2, References: 1

Nuclei
added 2026/02/04 7:0 a.m., 72 views

Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE

The Yeti Platform " verified: true max-request: 4 tags: cve,cve2024,yeti,platform,ssti,rce,intrusive,vkev,vuln variables: username: "username" password: "password" http: - raw: - | POST /api/v2/auth/token HTTP/1.1 Host: Hostname Content-Type:...

CVSS 7.3, AI score 7.7, EPSS 0.00277
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 12:39 p.m., 4 views

CVE-2023-29689

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

CVSS 9.8, AI score 8.6, EPSS 0.60821
Exploits: 4, References: 1

RedhatCVE
added 2026/01/09 8:58 a.m., 5 views

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

CVSS 8.8, AI score 7, EPSS 0.00642
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:8 a.m., 5 views

CVE-2024-2952

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization...

CVSS 9.8, AI score 9.7, EPSS 0.01434
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-0807

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00475
Exploits: 1, References: 7

EUVD
added 2025/10/07 12:30 a.m., 18 views

EUVD-2020-1509

Malware in sbrugna...

CVSS 10, AI score 8.8, EPSS 0.02411
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0549

Malware in sbrugna...

CVSS 7.5, AI score 8.5, EPSS 0.01959
Exploits: 0, References: 11

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0372

Malware in sbrugna...

CVSS 9, AI score 8.6, EPSS 0.01256
Exploits: 1, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0435

Malware in sbrugna...

CVSS 7.4, AI score 6.6, EPSS 0.00557
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-1261

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.07128
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-12653

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.00016
Exploits: 2, References: 3

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-0204

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.04817
Exploits: 1, References: 9

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1894

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00458
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-33049

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.01784
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1466

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00513
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-30048

Malicious code in bioql PyPI...

CVSS 7.2, AI score 7.1, EPSS 0.00299
Exploits: 1, References: 1