CVE ID :CVE-2026-28496 Published : June 23, 2026, 2:20 p.m. | 4 hours, 49 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system....

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-28496 - FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE

VERWANDTEARTIKEL

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

CVE-2026-11807 - Eda-server: websocket missing authorization allows credential theft via activation_id spoofing

CVE-2026-49402 - Deno: Command Injection via spawnSync & spawn on Windows

CVE-2026-54008 - Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`

CVE-2026-54010 - Open WebUI: Forged chat-file link allows cross-user file read and deletion

CVE-2026-54011 - Open WebUI: Stored XSS in Mermaid Markdown Preview