Vulnerabilities of type CWE-1336

179 results
CVE-2026-35477 | MEDIUM | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape | EPSS 0.3%
CVE-2026-27629 | MEDIUM | InvenTree Vulnerable to Server Side Template Injection (SSTI) | EPSS 0.3%
CVE-2026-27464 | HIGH | Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE | EPSS 0.3%
CVE-2026-3714 | MEDIUM | OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine | EPSS 0.3%
CVE-2022-47896 | MEDIUM | In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. | EPSS 0.3%
CVE-2026-26938 | HIGH | Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) | EPSS 0.3%
CVE-2024-35191 | MEDIUM | verbb/formie Server-Side Template Injection for variable-enabled settings | EPSS 0.3%
CVE-2025-66361 | MEDIUM | An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CP | EPSS 0.2%
CVE-2026-25731 | HIGH | Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export | EPSS 0.2%
CVE-2026-5987 | MEDIUM | Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine | EPSS 0.2%
CVE-2026-8740 | MEDIUM | Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine | EPSS 0.2%
CVE-2024-39766 | HIGH | Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an | EPSS 0.2%
CVE-2026-41713 | HIGH | Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor | EPSS 0.2%
CVE-2025-40900 | MEDIUM | Angular template injection in Reports in Guardian/CMC before 26.1.0 | EPSS 0.2%
CVE-2026-41318 | MEDIUM | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | EPSS 0.2%
CVE-2026-40320 | MEDIUM | Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck | EPSS 0.1%
CVE-2025-23376 | LOW | Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in | EPSS 0.1%
CVE-2026-49382 | MEDIUM | In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin | EPSS 0.1%
CVE-2026-40602 | MEDIUM | hass-cli: Handling of user-supplied Jinja2 templates | EPSS 0.1%