31 matches found
CVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
EUVD-2019-8329
Malware in sbrugna...
EUVD-2025-25900
Malicious code in bioql PyPI...
EUVD-2025-25310
Malicious code in bioql PyPI...
EUVD-2024-52716
Malicious code in bioql PyPI...
EUVD-2025-8097
Malicious code in bioql PyPI...
CVE-2025-52122
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form submission title...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution (CVE-2025-27516)
Summary: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details: CVEID: CVE-2025-27516. DESCRIPTION: Jinja is an extensible templating...
CVE-2025-34300
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...
CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...
EUVD-2025-21694
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...
CVE-2023-34448
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...
CVE-2025-1087
CVE-2025-1087: Kong Insomnia Desktop Application prior to 11.0.2 contains a template injection flaw that allows arbitrary code execution. The issue arises from insufficient validation of user-supplied input during template string processing, enabling arbitrary JavaScript execution within the app...
PT-2025-29823
Name of the Vulnerable Software and Affected Versions: Lighthouse Studio versions prior to 9.16.14 Description: A template injection vulnerability exists in Lighthouse Studio’s Perl web application ciwweb.pl. Exploitation allows an unauthenticated attacker to execute arbitrary commands on the web...
OneBlog Template Injection Vulnerability
OneBlog is a Java blog. OneBlog suffers from a template injection vulnerability; no details of the vulnerability are provided at this time...
CVE-2024-54954
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department...
CVE-2024-41667
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...