CWE-1336 vulnerabilities

179 results
CVE-2026-28783 | CRITICAL | Craft has a Twig Function Blocklist Bypass | EPSS 0.5%
CVE-2026-21449 | HIGH | Bagisto has SSTI via first and last name from low-privilege user (not admin) | EPSS 0.5%
CVE-2025-65602 | CRITICAL | A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a cra | EPSS 0.5%
CVE-2022-27662 | MEDIUM | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exi | EPSS 0.4%
CVE-2026-9558 | CRITICAL | A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without | EPSS 0.4%
CVE-2024-27623 | MEDIUM | CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, p | EPSS 0.4%
CVE-2024-9150 | HIGH | Code Injection in Wyn Enterprise | EPSS 0.4%
CVE-2026-41065 | HIGH | Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory | EPSS 0.4%
CVE-2025-2040 | MEDIUM | zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine | EPSS 0.4%
CVE-2022-23851 | CRITICAL | Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI). | EPSS 0.4%
CVE-2025-66438 | CRITICAL | A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifi | EPSS 0.4%
CVE-2026-41901 | CRITICAL | Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions | EPSS 0.4%
CVE-2026-33392 | HIGH | In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | EPSS 0.4%
CVE-2025-68929 | CRITICAL | Frappe may be vulnerable remote code execution due to server-side template injection | EPSS 0.4%
CVE-2026-44209 | HIGH | Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI | EPSS 0.4%
CVE-2025-5325 | MEDIUM | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine | EPSS 0.4%
CVE-2026-45714 | CRITICAL | CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE | EPSS 0.4%
CVE-2024-54954 | HIGH | OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. | EPSS 0.4%
CVE-2026-28228 | HIGH | OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution | EPSS 0.4%
CVE-2025-10380 | HIGH | Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI | EPSS 0.4%