Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
template injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
7.5
CVSSv2
CVE-2020-28468
This affects the package pwntools prior to 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Pwntools Project Pwntools
6.5
CVSSv2
CVE-2021-23337
Lodash versions before 4.17.21 are vulnerable to Command Injection via the template function.
Lodash Lodash
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Communications Services Gatekeeper 7.0
Oracle Enterprise Communications Broker 3.2.0
Oracle Primavera Unifier 20.12
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Communications Session Border Controller 8.4
Oracle Communications Session Border Controller 9.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Trade Finance Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
8 Github repositories
7.5
CVSSv2
CVE-2022-24442
JetBrains YouTrack prior to 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Jetbrains Youtrack
1 Github repository
5
CVSSv2
CVE-2021-28963
Shibboleth Service Provider prior to 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
Shibboleth Service Provider
Debian Debian Linux 10.0
6.5
CVSSv2
CVE-2018-19907
A Server-Side Template Injection issue exists in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during render...
Craftercms Crafter Cms
4.3
CVSSv2
CVE-2022-21648
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue ...
Nette Latte
6.5
CVSSv2
CVE-2020-25967
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
Fastadmin Fastadmin 1.0.0.20200506
6.5
CVSSv2
CVE-2022-0944
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad before 6.10.1.
Sqlpad Sqlpad
NA
CVE-2024-22682
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
Duckdb Duckdb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »