Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-0944
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad before 6.10.1.
Sqlpad Sqlpad
4.3
CVSSv2
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue ...
Nette Latte
7.5
CVSSv2
CVE-2022-32101
kkcms v1.3.7 exists to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
Kkcms Project Kkcms 1.37
NA
CVE-2024-22682
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
Duckdb Duckdb
NA
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
Opencats Opencats 0.9.6
7.5
CVSSv2
CVE-2021-25770
In JetBrains YouTrack prior to 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
Jetbrains Youtrack
2 Github repositories
7.5
CVSSv2
CVE-2020-28246
A Server-Side Template Injection (SSTI) exists in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandb...
Form Form.io 2.0.0
6.5
CVSSv2
CVE-2019-19999
Halo prior to 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
Halo Halo 1.2.0
Halo Halo 1.1.3
Halo Halo
6.8
CVSSv2
CVE-2021-43466
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
Thymeleaf Thymeleaf 3.0.12
7.5
CVSSv2
CVE-2019-14965
An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. A server side template injection (SSTI) issue exists.
Frappe Frappe
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »