Tarek Nakkouch

2 exploits, active since Jun 2025
CVE-2025-49136 METASPLOIT CRITICAL ruby WORKING POC
listmonk 4.0.0-5.0.1 - Unauthenticated Sensitive Environment Variable Exposure via Template Function
listmonk is a standalone, self-hosted newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions, which are enabled by default in Sprig, allow environment variables on the host to be captured. While this may not be a problem on single-user (super admin) installations, on multi-user installations it allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.
CVSS 9.0
CVE-2025-66294 METASPLOIT HIGH ruby WORKING POC
Grav < 1.8.0-beta.27 - Server-Side Template Injection via Weak Twig Validation
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak regex validation in the `cleanDangerousTwig` method. This vulnerability is fixed in 1.8.0-beta.27.
CVSS 8.8