CWE-1336 — Vulnerability Class 115

115 vulnerabilities classified as CWE-1336. AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1868 | Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway — GitLab AI Gateway | 9.9 | Critical | 2026-02-09 |
| CVE-2026-25731 | Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export — calibre | 7.8 | High | 2026-02-06 |
| CVE-2026-25526 | JinJava Bypass through ForTag leads to Arbitrary Java Execution — jinjava | 9.8 | Critical | 2026-02-04 |
| CVE-2025-46699 | Dell Data Protection Advisor security vulnerability — Data Protection Advisor | 4.3 | Medium | 2026-01-23 |
| CVE-2026-23626 | Kimai Vulnerable to Authenticated Server-Side Template Injection (SSTI) — kimai | 6.8 | Medium | 2026-01-18 |
| CVE-2026-22244 | OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE — OpenMetadata | 7.2 | - | 2026-01-08 |
| CVE-2025-68454 | Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI — cms | 7.2 | - | 2026-01-05 |
| CVE-2026-21450 | Bagisto has SSTI in parameter that can lead to RCE — bagisto | 9.8 | - | 2026-01-02 |
| CVE-2026-21449 | Bagisto has SSTI via first and last name from low-privilege user (not admin) — bagisto | 9.9 | - | 2026-01-02 |
| CVE-2026-21448 | Bagisto has Normal & Blind SSTI from low-privilege user when ordering product — bagisto | 8.8 | - | 2026-01-02 |
| CVE-2025-68929 | Frappe may be vulnerable remote code execution due to server-side template injection — frappe | 9.1 | Critical | 2025-12-29 |
| CVE-2025-67843 | Mintlify security vulnerability — Mintlify Platform | 8.3 | High | 2025-12-19 |
| CVE-2025-14700 | Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller — Crafty Controller | 9.9 | Critical | 2025-12-17 |
| CVE-2025-14731 | CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine — Content Management System | 6.3 | Medium | 2025-12-15 |
| CVE-2024-58303 | FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings — FriendsofFlarum Pretty Mail | 7.2 (AI) | High (AI) | 2025-12-11 |
| CVE-2024-58293 | Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields — Akaunting | 7.2 (AI) | High (AI) | 2025-12-11 |
| CVE-2025-66298 | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms — grav | 5.3 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66297 | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection — grav | 7.2 (AI) | High (AI) | 2025-12-01 |
| CVE-2025-66361 | Logpoint SIEM security vulnerability — SIEM | 6.5 | - | 2025-11-27 |
| CVE-2025-65106 | LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates — langchain | 8.8 | - | 2025-11-21 |
| CVE-2025-37729 | Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine — Elastic Cloud Enterprise (ECE) | 9.1 | Critical | 2025-10-13 |
| CVE-2025-54287 | Arbitrary File Read via Template Injection in Snapshot Patterns — LXD | 6.5 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-10380 | Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI — Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… | 8.8 | High | 2025-09-23 |
| CVE-2025-59340 | jinjava Sandbox Bypass via JavaType-Based Deserialization — jinjava | 9.8 | Critical | 2025-09-17 |
| CVE-2025-35113 | Agiloft improper neutralization in EUI template engine — Agiloft | 5.9 | Medium | 2025-08-26 |
| CVE-2025-57811 | Craft Potential Remote Code Execution via Twig SSTI — cms | 9.8 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-9094 | ThingsBoard Add Gateway special elements used in a template engine — ThingsBoard | 4.3 | Medium | 2025-08-17 |
| CVE-2025-53909 | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template — mailcow-dockerized | 9.1 | Critical | 2025-07-17 |
| CVE-2025-49828 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution — conjur | 8.8 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-53833 | LaRecipe is vulnerable to Server-Side Template Injection attacks — larecipe | 10.0 | Critical | 2025-07-14 |

Vulnerabilities classified as CWE-1336 represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.