CVE Daily
← All tags

Tag: Server-side Template Injection (SSTI)

All CVEs associated with "Server-side Template Injection (SSTI)". Page 1/1 • 5 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-17
Critical

CVE-2025-53909

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template sys…

CVSS: 9.1 CWE: CWE-1336
Read more
2025-07-14
Critical

CVE-2025-53833

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could p…

CVSS: 10.0 CWE: CWE-1336
Read more
2025-03-20
High

CVE-2025-1040

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of use…

CVSS: 8.8 CWE: CWE-77
Read more
2024-04-10
Critical

CVE-2024-2952

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` para…

CVSS: 9.8 CWE: CWE-76
Read more
2024-04-03
Critical

CVE-2024-24724

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messen…

CVSS: 9.8 CWE: CWE-1336
Read more