CWE-1336 — Vulnerability Class (115 CVEs)

115 vulnerabilities classified as CWE-1336. AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-6984 | AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine — AstrBot | 4.7 | Medium | 2026-04-25 |
| CVE-2026-34587 | Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering — kirby | 6.5 AI | Medium AI | 2026-04-24 |
| CVE-2026-40320 | Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck — giskard-oss | 8.8 AI | High AI | 2026-04-17 |
| CVE-2026-33392 | JetBrains YouTrack security vulnerability — YouTrack | 7.2 | High | 2026-04-17 |
| CVE-2026-5987 | Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine — PublicCMS | 4.7 | Medium | 2026-04-09 |
| CVE-2026-40087 | LangChain has incomplete f-string validation in prompt templates — langchain | 5.3 | Medium | 2026-04-09 |
| CVE-2026-39980 | OpenCTI affected by RCE via notifier template — opencti | 9.1 | Critical | 2026-04-09 |
| CVE-2026-35477 | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape — InvenTree | 5.5 | Medium | 2026-04-08 |
| CVE-2026-35044 | BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation — BentoML | 8.8 | High | 2026-04-06 |
| CVE-2026-5559 | AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine — PyBlade | 6.3 | Medium | 2026-04-05 |
| CVE-2026-34202 | Zebra node crash — V5 transaction hash panic (P2P reachable) — zebra | 7.5 AI | High AI | 2026-03-31 |
| CVE-2026-34172 | Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment — giskard-oss | 9.8 | - | 2026-03-31 |
| CVE-2026-28228 | OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution — OpenOLAT | 8.8 | High | 2026-03-30 |
| CVE-2026-33897 | Incus vulnerable to arbitrary file read and write through pongo templates — incus | 10.0 | Critical | 2026-03-26 |
| CVE-2026-33154 | dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver — dynaconf | 7.5 | High | 2026-03-20 |
| CVE-2026-32261 | RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin — webhooks | 7.5 AI | High AI | 2026-03-16 |
| CVE-2026-31864 | JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering — jumpserver | 6.8 | Medium | 2026-03-13 |
| CVE-2026-22191 | Beghelli Sicuro24 SicuroWeb AngularJS Template Injection — SicuroWeb (Sicuro24) | 5.2 | Medium | 2026-03-13 |
| CVE-2026-3725 | 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine — SmartAdmin | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3714 | OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine — OpenCart | 4.7 | Medium | 2026-03-08 |
| CVE-2026-28784 | Craft is affected by potential authenticated Remote Code Execution via Twig SSTI — cms | 7.2 AI | High AI | 2026-03-04 |
| CVE-2026-28697 | Craft Affected by Authenticated RCE via "craft.app.fs.write()" in Twig Templates — cms | 7.2 AI | High AI | 2026-03-04 |
| CVE-2026-28695 | Craft affected by authenticated RCE via Twig SSTI - create() function + Symfony Process gadget — cms | 7.2 AI | High AI | 2026-03-04 |
| CVE-2026-26938 | Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) — Kibana | 8.6 | High | 2026-02-26 |
| CVE-2026-27961 | Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE — agenta | 8.8 | High | 2026-02-26 |
| CVE-2026-27641 | Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection — flask-reuploaded | 9.8 | Critical | 2026-02-25 |
| CVE-2026-27629 | InvenTree Vulnerable to Server Side Template Injection (SSTI) — InvenTree | 5.9 | Medium | 2026-02-25 |
| CVE-2026-2969 | datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine — datapizza-ai | 4.7 | Medium | 2026-02-23 |
| CVE-2026-27464 | Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE — metabase | 7.7 | High | 2026-02-21 |
| CVE-2025-12107 | Potential authenticated Server-Side Template Injection (SSTI) vulnerability. — WSO2 Identity Server | 8.4 | High | 2026-02-19 |

Vulnerabilities classified as CWE-1336 represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.