Browse and filter security vulnerabilities across ecosystems
Gogs: DoS in rendering issue index pattern
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer
Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory
Server-Side Template Injection (SSTI) in Wirtualna Uczelnia
Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Formie: Pre-authenticated server-side template injection in Hidden fields
In JetBrains IntelliJ IDEA before 2026
RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution
A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine
Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI
Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner
Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine
Angular template injection in Reports in Guardian/CMC before 26.1.0
Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine
CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
Showing 1 - 20 of 1,000+ results