CWE-1336 — Vulnerability Class 115

115 vulnerabilities classified as CWE-1336. AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6761 | Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine — Cloud-Starry-Sky Enterprise Edition | 7.3 | High | 2025-06-27 |
| CVE-2025-6518 | PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine — pyspur | 6.3 | Medium | 2025-06-23 |
| CVE-2025-49142 | Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating — nautobot | 8.1 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-49136 | listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user — listmonk | 9.1 | Critical | 2025-06-09 |
| CVE-2025-49619 | Ikonomos Skyvern security vulnerability — Skyvern | 8.5 | High | 2025-06-07 |
| CVE-2025-5325 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine — ADP Application Developer Platform 应用开发者平台 | 6.3 | Medium | 2025-05-29 |
| CVE-2025-47916 | Invision Community security vulnerability — Invision Power Board | 10.0 | Critical | 2025-05-16 |
| CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI — cms | 7.2 (AI) | High (AI) | 2025-05-05 |
| CVE-2025-23376 | Dell PowerProtect Data Manager Reporting security vulnerability — PowerProtect Data Manager Reporting | 2.3 | Low | 2025-04-28 |
| CVE-2025-46661 | IPW Systems Metazo security vulnerability — Metazo | 10.0 | Critical | 2025-04-28 |
| CVE-2025-3841 | wix-incubator jam Jinja2 Template jam.py special elements used in a template engine — jam | 3.3 | Low | 2025-04-21 |
| CVE-2025-32461 | Tiki security vulnerability — Tiki | 9.9 | Critical | 2025-04-09 |
| CVE-2024-8238 | Unrestricted Code Execution in aimhubio/aim — aimhubio/aim | 8.8 | - | 2025-03-20 |
| CVE-2025-1040 | Server-Side Template Injection (SSTI) in significant-gravitas/autogpt — significant-gravitas/autogpt | 9.8 | - | 2025-03-20 |
| CVE-2025-26865 | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE — Apache OFBiz | 9.8 | - | 2025-03-10 |
| CVE-2025-2040 | zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine — ruoyi-vue-pro | 6.3 | Medium | 2025-03-06 |
| CVE-2025-27516 | Jinja sandbox breakout through attr filter selecting format method — jinja | 9.8 | - | 2025-03-05 |
| CVE-2024-9150 | Code Injection in Wyn Enterprise — Wyn Enterprise | 7.8 | - | 2025-02-21 |
| CVE-2025-26789 | Logpoint AgentX security vulnerability — AgentX | 4.9 | - | 2025-02-14 |
| CVE-2025-23211 | Tandoor Recipes - SSTI - Remote Code Execution — recipes | 10.0 | Critical | 2025-01-28 |
| CVE-2024-12583 | Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection — Dynamics 365 Integration | 9.9 | Critical | 2025-01-04 |
| CVE-2024-56326 | Jinja has a sandbox breakout through indirect reference to format method — jinja | 8.8 | - | 2024-12-23 |
| CVE-2024-55660 | SiYuan has an SSTI via /api/template/renderSprig — siyuan | 6.5 | - | 2024-12-11 |
| CVE-2024-55652 | PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters — pwndoc | 6.5 | Medium | 2024-12-11 |
| CVE-2024-30372 | Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability — Allegra | 8.8 | - | 2024-11-22 |
| CVE-2024-45053 | Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine — fides | 9.1 | Critical | 2024-09-04 |
| CVE-2024-6386 | WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection — WPML | 9.9 | Critical | 2024-08-21 |
| CVE-2024-42356 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions — shopware | 8.3 | High | 2024-08-08 |
| CVE-2024-42355 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag — shopware | 8.3 | High | 2024-08-08 |
| CVE-2024-41950 | Insecure Jinja2 templates rendered in Haystack Components can lead to RCE — haystack | 7.5 | High | 2024-07-31 |

Vulnerabilities classified as CWE-1336 represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.