Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-22533
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be ...
Xiandafu Beetl 3.15.12
9.8
CVSSv3
CVE-2023-49214
Usedesk prior to 1.7.57 allows chat template injection.
Usedesk Usedesk
9.8
CVSSv3
CVE-2023-29827
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended ...
Ejs Ejs 3.1.9
8.8
CVSSv3
CVE-2023-45303
ThingsBoard prior to 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
Thingsboard Thingsboard
9.8
CVSSv3
CVE-2023-26092
Liima prior to 1.17.28 allows server-side template injection.
Puzzle Liima
8.8
CVSSv3
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
7.5
CVSSv3
CVE-2020-12790
In the SEOmatic plugin prior to 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
Nystudio107 Seomatic
7.8
CVSSv3
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an malicious user to use a specially crafted file to introduce templating injection when suppl...
Redhat Ansible 2.16.0
Redhat Ansible
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
NA
CVE-2024-34710
Wiki.js is al wiki app built on Node.js. Client side template injection exists, that could allow an malicious user to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through...
7.5
CVSSv3
CVE-2020-11994
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Apache Camel
Apache Camel 2.25.0
Apache Camel 2.25.1
Oracle Enterprise Repository 11.1.1.7.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Diameter Signaling Router
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »