Vulnerabilities of type CWE-1336
179 results

CVE-2025-35113 | MEDIUM | Agiloft improper neutralization in EUI template engine | EPSS 0.4%
CVE-2026-3725 | MEDIUM | 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine | EPSS 0.4%
CVE-2024-34710 | HIGH | Wiki.js Stored XSS through Client Side Template Injection | EPSS 0.4%
CVE-2026-35044 | HIGH | BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation | EPSS 0.4%
CVE-2026-23626 | MEDIUM | Kimai Vulnerable to Authenticated Server-Side Template Injection (SSTI) | EPSS 0.4%
CVE-2026-28797 | HIGH | RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component | EPSS 0.4%
CVE-2026-32261 | HIGH | RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin | EPSS 0.4%
CVE-2025-14731 | MEDIUM | CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine | EPSS 0.4%
CVE-2026-26026 | CRITICAL | GLPI has a Server-Side Template Injection via Double-Compilation | EPSS 0.4%
CVE-2026-42252 | CRITICAL | Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern | EPSS 0.4%
CVE-2025-62416 | MEDIUM | bagisto - Server Side Template Injection (SSTI) in Product Description | EPSS 0.4%
CVE-2025-6761 | MEDIUM | Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine | EPSS 0.4%
CVE-2026-22191 | MEDIUM | Beghelli Sicuro24 SicuroWeb AngularJS Template Injection | EPSS 0.4%
CVE-2025-3841 | MEDIUM | wix-incubator jam Jinja2 Template jam.py special elements used in a template engine | EPSS 0.4%
CVE-2025-26789 | MEDIUM | An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access | EPSS 0.4%
CVE-2026-31864 | MEDIUM | JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering | EPSS 0.3%
CVE-2026-33130 | MEDIUM | Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh) | EPSS 0.3%
CVE-2026-44916 | LOW | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. | EPSS 0.3%
CVE-2026-34587 | HIGH | Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering | EPSS 0.3%
CVE-2026-54390 | CRITICAL | JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer | EPSS 0.3%