Lucene search
K

42 matches found

NVD
NVD
added 2026/06/23 3:16 p.m.12 views

CVE-2026-28496

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS0.01892EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 2:20 p.m.10 views

EUVD-2026-38455

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS6.4AI score0.01892EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46633 Note that Nessus relies on the presence of the package as reported by the vendo...

5.8AI score0.00357EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 4:53 p.m.4 views

CVE-2026-28784 Craft is affected by potential authenticated Remote Code Execution via Twig SSTI

Craft is a content management system CMS. Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to...

8.6CVSS6AI score0.00514EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:6 p.m.9 views

Craft CMS has potential authenticated Remote Code Execution via Twig SSTI

For this to work, the attacker must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-production...

8.6CVSS6AI score0.00514EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 9:6 p.m.6 views

GHSA-QC86-Q28F-GGWW Craft CMS has potential authenticated Remote Code Execution via Twig SSTI

For this to work, the attacker must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-production...

8.6CVSS6AI score0.00514EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.4 views

CVE-2025-68454

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...

7.7CVSS7.2AI score0.00787EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 9:56 p.m.19 views

CVE-2025-68454

CVE-2025-68454 affects Craft CMS: versions 5.0.0-RC1–5.8.20 and 4.0.0-RC1–4.16.16 are vulnerable to authenticated Remote Code Execution via Twig SSTI. The issue requires administrator access to Craft’s Control Panel with allowAdminChanges enabled (or a non-admin with disabled allowAdminChanges bu...

8.8CVSS6.8AI score0.00787EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/05 9:56 p.m.2 views

CVE-2025-68454 Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...

7.7CVSS6.8AI score0.00787EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/05 9:56 p.m.28 views

CVE-2025-68454 Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...

7.7CVSS0.00787EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25727

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00805EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.5 views

CVE-2025-57811

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI Server-Side Template Injection. This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

8.6CVSS7.7AI score0.01308EPSS
Exploits1References1
OSV
OSV
added 2025/08/25 8:42 p.m.3 views

GHSA-CRCQ-738G-PQVC Craft CMS Potential Remote Code Execution via Twig SSTI

Note that users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-productio...

7.5CVSS6.5AI score0.00805EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/08/25 8:42 p.m.14 views

Craft CMS Potential Remote Code Execution via Twig SSTI

Note that users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-productio...

8.6CVSS6.6AI score0.00805EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/08/25 6:15 p.m.7 views

CVE-2025-57811

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI Server-Side Template Injection. This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

8.6CVSS0.00805EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/25 5:52 p.m.2 views

CVE-2025-57811 Craft Potential Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI Server-Side Template Injection. This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

8.6CVSS8.1AI score0.00805EPSS
Exploits0References3
CVE
CVE
added 2025/08/25 5:52 p.m.28 views

CVE-2025-57811

Craft CMS vulnerability CVE-2025-57811 is a remote code execution via Twig SSTI affecting Craft 4.x (4.0.0-RC1 through 4.16.5) and 5.x (5.0.0-RC1 through 5.8.6). The issue stems from Twig SSTI and is a follow-up to CVE-2024-52293. Affected versions are patched in Craft 4.16.6 and 5.8.7. If you ru...

8.6CVSS7.1AI score0.00805EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/08/25 5:52 p.m.10 views

CVE-2025-57811 Craft Potential Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI Server-Side Template Injection. This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

8.6CVSS0.00805EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.6 views

PT-2025-34691 · Pixel & Tonic · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions 4.0.0-RC1 through 4.16.5 Craft versions 5.0.0-RC1 through 5.8.6 Description: Craft is a platform for creating digital experiences. A remote code execution issue exists due to Server-Side Template Injection SSTI in Twig...

8.6CVSS7.5AI score0.00805EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.7 views

CVE-2024-7129

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins...

7.2CVSS7.3AI score0.01138EPSS
Exploits1References1
Rows per page
Query Builder