Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46366 | 1 Webkul | 1 Krayin Crm | 2025-07-09 | N/A | 8.8 HIGH |
| A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system. | |||||
| CVE-2025-2040 | 1 Iocoder | 1 Ruoyi-vue-pro | 2025-07-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6761 | 2025-06-30 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes." | |||||
| CVE-2025-6518 | 2025-06-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26865 | 1 Apache | 1 Ofbiz | 2025-06-23 | N/A | 3.5 LOW |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only official releases should be used. In other words, if you use 18.12.17 you are still safe. The version 18.12.17 is not a affected. But something between 18.12.17 and 18.12.18 is. In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue. | |||||
| CVE-2025-3841 | 1 Wix | 1 Jam | 2025-06-23 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2024-37621 | 1 Strongshop | 1 Strongshop | 2025-06-20 | N/A | 7.2 HIGH |
| StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. | |||||
| CVE-2025-47916 | 1 Invisioncommunity | 1 Invisioncommunity | 2025-06-20 | N/A | 10.0 CRITICAL |
| Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings. | |||||
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-06-18 | N/A | 9.8 CRITICAL |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | |||||
| CVE-2025-49619 | 2025-06-17 | N/A | 8.5 HIGH | ||
| Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE). | |||||
| CVE-2024-55660 | 1 B3log | 1 Siyuan | 2025-06-05 | N/A | 9.8 CRITICAL |
| SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue. | |||||
| CVE-2025-23376 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 2.3 LOW |
| Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2025-46661 | 1 Ipwsystems | 1 Metazo | 2025-05-12 | N/A | 10.0 CRITICAL |
| IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier. | |||||
| CVE-2025-23211 | 1 Tandoor | 1 Recipes | 2025-05-08 | N/A | 9.9 CRITICAL |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24. | |||||
| CVE-2025-32461 | 2025-04-09 | N/A | 9.9 CRITICAL | ||
| wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3. | |||||
| CVE-2024-54954 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 8.0 HIGH |
| OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. | |||||
| CVE-2024-52393 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-21 | N/A | 9.1 CRITICAL |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15. | |||||
| CVE-2024-9150 | 2025-02-21 | N/A | N/A | ||
| Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a host system with applications high privileges. This issue has been fixed in version 8.0.00204.0 | |||||
| CVE-2025-26789 | 2025-02-14 | N/A | N/A | ||
| An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment. | |||||
| CVE-2024-48962 | 1 Apache | 1 Ofbiz | 2025-02-11 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | |||||