
22 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...

7.5 CVSS, 5.4 AI score, 0.00465 EPSS
Exploits 2, References 1
RedhatCVE
added 3 days ago, 4 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3 CVSS, 5.8 AI score, 0.00254 EPSS
Exploits 2, References 1
NVD
added 2026/05/08 6:16 a.m., 7 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3 CVSS, 0.00254 EPSS
Exploits 2, References 1
NVD
added 2026/05/08 6:16 a.m., 6 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...

7.5 CVSS, 0.00465 EPSS
Exploits 2, References 2
Cvelist
added 2026/05/08 12:0 a.m., 27 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...

0.00465 EPSS
Exploits 2, References 1
CNNVD
added 2026/05/08 12:0 a.m., 5 views

Yeti Platform Code Injection Vulnerability

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 contained a code injection vulnerability. This vulnerability stemmed from server-side template injection during the custom template export function, which could...

7.3 CVSS, 6 AI score, 0.00254 EPSS
Exploits 2, References 1
Cvelist
added 2026/05/08 12:0 a.m., 29 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

0.00254 EPSS
Exploits 2, References 1
ATTACKERKB
added 2026/05/08 12:0 a.m., 4 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...

5.8 AI score, 0.00465 EPSS
Exploits 3, References 2
CVE
added 2026/05/08 12:0 a.m., 19 views

CVE-2024-46508

CVE-2024-46508 affects yeti-platform yeti before 2.1.12. The issue allows an attacker to generate valid JWT tokens if YETI_AUTH_SECRET_KEY remains at the default SECRET. CVSS v3.1 base score 7.5 (High) with Network attack vector and no privileges required. Root cause: secret key used for JWT sign...

7.5 CVSS, 5.8 AI score, 0.00465 EPSS
Exploits 2, References 2, Affected Software 1
CNNVD
added 2026/05/08 12:0 a.m., 5 views

Yeti Platform Trust Management Issue Vulnerability

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 had a trust management vulnerability. This vulnerability occurred because allowing attackers to generate valid JWT tokens occurred without changing the...

7.5 CVSS, 5.8 AI score, 0.00465 EPSS
Exploits 2, References 1
Vulnrichment
added 2026/05/08 12:0 a.m., 4 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

6 AI score, 0.00254 EPSS
Exploits 2, References 1
EUVD
added 2026/05/08 12:0 a.m., 5 views

EUVD-2024-55571

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...

7.5 CVSS, 5.8 AI score, 0.00465 EPSS
Exploits 3, References 1
ATTACKERKB
added 2026/05/08 12:0 a.m., 4 views

CVE-2024-46507

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

6 AI score, 0.00254 EPSS
Exploits 2, References 3
Vulnrichment
added 2026/05/08 12:0 a.m., 4 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed by setting YETI_AUTH_SECRET_KEY to a value other than SECRET...

5.8 AI score, 0.00465 EPSS
Exploits 2, References 1
EUVD
added 2026/05/08 12:0 a.m., 4 views

EUVD-2024-55570

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3 CVSS, 6 AI score, 0.00254 EPSS
Exploits 2, References 1
CVE
added 2026/05/08 12:0 a.m., 65 views

CVE-2024-46507

CVE-2024-46507: Yeti Platform prior to 2.1.12 contains a Server-Side Template Injection (SSTI) in the custom template export function that can lead to remote code execution on the application server. Exploitation requires valid credentials (authenticated user). Impact includes arbitrary command e...

7.3 CVSS, 6 AI score, 0.00254 EPSS
Exploits 2, References 1, Affected Software 1
Nuclei
added 2026/02/04 7:0 a.m., 70 views

Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE

The Yeti Platform " verified: true max-request: 4 tags: cve,cve2024,yeti,platform,ssti,rce,intrusive,vkev,vuln variables: username: "username" password: "password" http: - raw: - | POST /api/v2/auth/token HTTP/1.1 Host: Hostname Content-Type:...

7.3 CVSS, 7.7 AI score, 0.00254 EPSS
Exploits 2, References 1
BDU FSTEC
added 2025/02/04 12:0 a.m., 2 views

The vulnerability of the YETI platform for collecting and analyzing data on cyber threats lies in the insufficient verification of input data. This allows a malicious actor to execute arbitrary code or carry out Server Side Template Injection (SSTI) attacks.

The vulnerability of the YETI platform for collecting and analyzing data on cyber threats is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or carry out Server Side Template Injection (SSTI) attacks...

9 CVSS, 0.00254 EPSS
Exploits 2, References 4, Affected Software 1
BDU FSTEC
added 2025/02/03 12:0 a.m., 2 views

The vulnerability of the Yeti threat analysis platform, which relies on the use of strictly encrypted credentials, allows attackers to escalate their privileges.

The vulnerability of the Yeti threat analysis platform is related to the use of strictly encrypted credentials. Exploiting this vulnerability allows a remote attacker to enhance their privileges by using a static JWT token...

10 CVSS, 0.00465 EPSS
Exploits 3, References 4, Affected Software 1
Rhino Security Labs
added 2025/01/29 1:1 p.m., 22 views

CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI)

The post CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI) appeared first on Rhino Security Labs...

7.3 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits 2