ssti Archives • Daily CyberSecurity

Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws

Ddos May 21, 2026

The Apache OFBiz project has released a critical security update to patch several important vulnerabilities affecting its...

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover OpenMRS RCE Vulnerability CVE-2026-41258

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover

Ddos May 6, 2026

OpenMRS, the world’s leading open-source electronic medical record (EMR) platform used extensively in resource-constrained environments, has issued...

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection

Ddos May 6, 2026

The Thymeleaf project, a cornerstone for Java developers building modern server-side web applications, has issued a critical...

Critical 9.8 RCE Threat to SGLang AI Infrastructure SGLang RCE Vulnerability CVE-2026-7301 Zero-Day SGLang RCE AI Infrastructure Vulnerability

SGLang RCE Vulnerability CVE-2026-7301 Zero-Day SGLang RCE AI Infrastructure Vulnerability

Critical 9.8 RCE Threat to SGLang AI Infrastructure

Ddos April 21, 2026

A critical remote code execution (RCE) vulnerability has been uncovered in SGLang, a popular open-source framework used...

Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine

Ddos April 17, 2026

Thymeleaf, a widely-used modern server-side Java template engine for both web and standalone environments, has released a...

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor

Ddos August 6, 2025

The Imperva Threat Research team sounded the alarm on a coordinated exploitation campaign targeting outdated instances of...

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps LaRecipe, Remote Code Execution

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

Ddos July 15, 2025

A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned...

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover BeyondTrust RCE, Server-Side Template Injection

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover

Ddos June 17, 2025

BeyondTrust has issued an urgent security advisory for a high-severity vulnerability affecting its flagship products—Remote Support (RS)...

CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC Published

Ddos June 9, 2024

A critical vulnerability, identified as CVE-2024-23692, has been discovered in Rejetto HTTP File Server (HFS) versions 2.x,...