Total
5454 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0944 | 1 Sqlpad | 1 Sqlpad | 2024-11-21 | 7.2 High |
| Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | ||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.7 Medium |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | ||||
| CVE-2022-0896 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0885 | 1 Memberhero | 1 Member Hero | 2024-11-21 | 9.8 Critical |
| The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | ||||
| CVE-2022-0845 | 1 Lightningai | 1 Pytorch Lightning | 2024-11-21 | 9.8 Critical |
| Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | ||||
| CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
| Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | ||||
| CVE-2022-0811 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-11-21 | 8.8 High |
| A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. | ||||
| CVE-2022-0661 | 1 Ad Injection Project | 1 Ad Injection | 2024-11-21 | 7.2 High |
| The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set. | ||||
| CVE-2022-0578 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Code Injection in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0323 | 1 Mustache Project | 1 Mustache | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. | ||||
| CVE-2021-4434 | 1 Warfareplugins | 1 Social Warfare | 2024-11-21 | 10 Critical |
| The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server. | ||||
| CVE-2021-4315 | 1 Psiturk | 1 Psiturk | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676. | ||||
| CVE-2021-46362 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 9.8 Critical |
| A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | ||||
| CVE-2021-46118 | 1 Jpress | 1 Jpress | 2024-11-21 | 7.2 High |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | ||||
| CVE-2021-46117 | 1 Jpress | 1 Jpress | 2024-11-21 | 7.2 High |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | ||||
| CVE-2021-46114 | 1 Jpress | 1 Jpress | 2024-11-21 | 8.8 High |
| jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | ||||
| CVE-2021-46063 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.1 Critical |
| MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | ||||
| CVE-2021-45806 | 1 Jpress | 1 Jpress | 2024-11-21 | 8.8 High |
| jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. | ||||
| CVE-2021-45082 | 4 Cobbler Project, Fedoraproject, Opensuse and 1 more | 5 Cobbler, Fedora, Backports and 2 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | ||||
| CVE-2021-45029 | 1 Apache | 1 Shenyu | 2024-11-21 | 9.8 Critical |
| Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||||