Browse and filter security vulnerabilities across ecosystems
AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine
AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMar...
Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering
hass-cli: Handling of user-supplied Jinja2 templates
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Improper restriction of the scope of accessible objects in Thymeleaf expressions
Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck
In JetBrains YouTrack before 2025
Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine
LangChain has incomplete f-string validation in prompt templates
OpenCTI affected by RCE via notifier template
InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
Zammad has a server-side template injection leading to RCE via AI Agent
BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation
GLPI has a Server-Side Template Injection via Double-Compilation
AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
Zebra node crash — V5 transaction hash panic (P2P reachable)
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution