Lucene search

77 matches found

Nuclei
added 18 hours ago | 15 views

XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)

XWiki <= 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki <= 17.3.0 -...

CVSS 8.8 | AI score 7.4 | EPSS 0.03366
Exploits: 1 | References: 2

Snyk
added 2026/05/09 12:40 a.m. | 11 views

Prototype Pollution

Overview: velocityjs is a Velocity Template Language (VTL) for JavaScript. Affected versions of this package are vulnerable to Prototype Pollution through the processing of set directives in templates. An attacker can modify the global object prototype by supplying specially crafted template content,...

CVSS 9.8 | AI score 6.4 | EPSS 0.00505
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/20 1:25 p.m. | 6 views

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 8.4 | AI score 6.3 | EPSS 0.00618
Exploits: 0 | References: 1

OSV
added 2026/02/19 10:16 a.m. | 3 views

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 7.2 | AI score 6.3 | EPSS 0.00618
Exploits: 0 | References: 1

NVD
added 2026/02/19 10:16 a.m. | 5 views

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 8.4 | EPSS 0.00618
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/19 10:4 a.m. | 5 views

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 10 | AI score 6.4 | EPSS 0.00618
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/19 10:4 a.m. | 4 views

CVE-2025-12107 Potential authenticated Server-Side Template Injection (SSTI) vulnerability.

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 8.4 | AI score 6.4 | EPSS 0.00618
Exploits: 0 | References: 1

CVE
added 2026/02/19 10:4 a.m. | 23 views

CVE-2025-12107

CVE-2025-12107 is linked to a server-side template injection (SSTI) vulnerability in a vulnerable third-party Velocity template engine used by WSO2 Identity Server. An attacker with administrative privileges can inject and execute arbitrary template code on the server, potentially leading to remo...

CVSS 8.4 | AI score 6.3 | EPSS 0.00618
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/19 10:4 a.m. | 30 views

CVE-2025-12107 Potential authenticated Server-Side Template Injection (SSTI) vulnerability.

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 8.4 | EPSS 0.00618
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 6 views

PT-2026-20796

Name of the Vulnerable Software and Affected Versions: versions prior to Feb. 19, 2026. Description: The software uses a vulnerable third-party Velocity template engine, allowing a malicious actor with admin privilege to inject and execute arbitrary template syntax within server-side templates...

CVSS 10 | AI score 6 | EPSS 0.00618
Exploits: 0 | References: 8

CNNVD
added 2026/02/19 12:0 a.m. | 8 views

WSO2 Identity Server Security Vulnerability

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a security vulnerability that stems from the use of a vulnerable third-party Velocity template engine. This vulnerability could allow attackers with administrative privileges...

CVSS 8.4 | AI score 6.3 | EPSS 0.00618
Exploits: 0 | References: 1

GithubExploit
added 2026/02/16 10:39 p.m. | 189 views

Exploit for Injection in Apache Solr

Apache-Solr-RCE-CVE-2019-17558 🛡️ Apache Solr Remote Code E...

CVSS 7.5 | AI score 5.8 | EPSS 0.98567
Exploits: 12

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2012-1836

Malware in sbrugna...

CVSS 6 | AI score 6.3 | EPSS 0.0219
Exploits: 1 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3315

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.02711
Exploits: 0 | References: 7

NVD
added 2025/08/20 3:15 p.m. | 5 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

CVSS 8.8 | EPSS 0.03366
Exploits: 1 | References: 2

Vulnrichment
added 2025/08/20 12:0 a.m. | 3 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

AI score 7.9 | EPSS 0.03366
Exploits: 1 | References: 2

Cvelist
added 2025/08/20 12:0 a.m. | 10 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

EPSS 0.03366
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 7:52 a.m. | 6 views

CVE-2024-24230

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime.exec followed by an OS command...

CVSS 7.5 | AI score 8.2 | EPSS 0.00715
Exploits: 0 | References: 1

Github Security Blog
added 2024/10/24 6:13 p.m. | 21 views

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary: The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

CVSS 6.1 | AI score 6.9 | EPSS 0.00487
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/03/18 12:0 a.m. | 15 views

CVE-2024-24230

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime.exec followed by an OS command...

AI score 8.2 | EPSS 0.00715
Exploits: 0 | References: 1