Weaknesses of type CWE-1336
179 results

CVE-2026-44129 | HIGH | Server-side template injection | EPSS 0.5%
CVE-2024-58303 | HIGH | FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings | EPSS 0.5%
CVE-2026-33154 | HIGH | dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver | EPSS 0.5%
CVE-2026-39980 | CRITICAL | OpenCTI affected by RCE via notifier template | EPSS 0.5%
CVE-2025-66299 | HIGH | Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS | EPSS 0.5%
CVE-2025-66437 | HIGH | An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This func | EPSS 0.5%
CVE-2026-28784 | HIGH | Craft is affected by potential authenticated Remote Code Execution via Twig SSTI | EPSS 0.5%
CVE-2025-66434 | HIGH | An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The f | EPSS 0.5%
CVE-2025-64087 | CRITICAL | A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers | EPSS 0.5%
CVE-2024-56326 | MEDIUM | Jinja has a sandbox breakout through indirect reference to format method | EPSS 0.5%
CVE-2026-1868 | CRITICAL | Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway | EPSS 0.5%
CVE-2026-33654 | HIGH | Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling | EPSS 0.5%
CVE-2024-46366 | HIGH | A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side te | EPSS 0.5%
CVE-2026-33897 | CRITICAL | Incus vulnerable to arbitrary file read and write through pongo templates | EPSS 0.5%
CVE-2026-45697 | CRITICAL | Formie: Pre-authenticated server-side template injection in Hidden fields | EPSS 0.5%
CVE-2026-44723 | MEDIUM | Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner | EPSS 0.5%
CVE-2025-65106 | HIGH | LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | EPSS 0.5%
CVE-2025-60355 | CRITICAL | zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | EPSS 0.5%
CVE-2025-27516 | MEDIUM | Jinja sandbox breakout through attr filter selecting format method | EPSS 0.5%
CVE-2025-53909 | CRITICAL | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template | EPSS 0.5%