1042 matches found
web-vulnerabilities-labs
Web Vulnerabilities Labs Notes techniques issues de labs web...
CVE-2026-44209
Banks prompt templating (banks) is vulnerable prior to version 2.4.2 due to an unsandboxed jinja2.Environment() when rendering prompt templates. If applications pass user-supplied strings as the template argument to Prompt(), this SSTI can lead to Remote Code Execution on the host. The issue is f...
EUVD-2026-31997
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...
GlassFish's gadget handler is vulnerable to RCE
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-2587
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-31380 Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...
GHSA-X7M9-MWC2-G6W2 Formie: Pre-authenticated server-side template injection in Hidden fields
Impact - Unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending on template/sandbox behavior. - Sites with public Formie forms that...
📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection
Proof of concept code execution exploit for a server-side template injection vulnerability in WordPress Supsystic Contact Form plugin versions 1.7.36 and below Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage:...
CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...
CVE-2026-44377
CVE-2026-44377 affects CubeCart before version 6.7.0. It describes an authenticated SSTI in multiple modules (including Email Templates and Documents) where user-supplied input is unsafely evaluated by the Smarty template engine. An authenticated administrator can bypass restrictions and invoke n...
CVE-2026-44129
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...
CVE-2026-41901
Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous...
CVE-2026-41901 Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous...
📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection
Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...
CVE-2026-44129
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...
CVE-2026-44129
CVE-2026-44129 affects SEPPmail Secure Email Gateway prior to version 15.0.4, where a server-side template injection exists in the new GINA UI. An endpoint accepts attacker-controlled templates, enabling remote attackers to execute arbitrary template expressions and potentially achieve remote cod...
CVE-2024-46507
A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...