Skip to main content

CWE-97

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

6 CVEs Avg CVSS 7.3 MITRE
0
CRITICAL
5
HIGH
1
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2025-36558 MEDIUM This Month

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-35996 HIGH This Week

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-21103 HIGH This Week

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell RCE Networker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56363 HIGH This Week

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37621 HIGH POC This Week

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Strongshop
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-29686 PHP HIGH POC This Week

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winter
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
1.8%
EPSS 0% CVSS 5.1
MEDIUM This Month

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 8.5
HIGH This Week

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell RCE Networker
NVD
EPSS 0% CVSS 7.8
HIGH This Week

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Strongshop
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winter
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy