CWE-1336 — Vulnerability Class 115

115 vulnerabilities classified as CWE-1336. AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-38363 | Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte — airbyte | 8.6 | High | 2024-07-09 |
| CVE-2024-37301 | document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection — document-merge-service | 7.2 | High | 2024-06-11 |
| CVE-2024-23692 | Rejetto HTTP File Server 2.3m Unauthenticated RCE — HTTP File Server | 9.8 | Critical | 2024-05-31 |
| CVE-2023-6743 | Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import — Unlimited Elements For Elementor | 8.8 | High | 2024-05-29 |
| CVE-2024-34710 | Wiki.js Stored XSS through Client Side Template Injection — wiki | 7.1 | High | 2024-05-20 |
| CVE-2024-35191 | verbb/formie Server-Side Template Injection for variable-enabled settings — formie | 4.4 | Medium | 2024-05-20 |
| CVE-2024-32651 | Server Side Template Injection in Jinja2 allows Remote Command Execution — changedetection.io | 10.0 | Critical | 2024-04-25 |
| CVE-2024-25624 | iris-web vulnerable to Server Side Template Injection in reports — iris-web | 6.8 | Medium | 2024-04-25 |
| CVE-2024-4040 | Unauthenticated arbitrary file read and remote code execution in CrushFTP — CrushFTP | 9.8 | Critical | 2024-04-22 |
| CVE-2023-47542 | Fortinet FortiManager security vulnerability — FortiManager | 6.3 | Medium | 2024-04-09 |
| CVE-2023-5764 | Ansible: template injection — Red Hat Ansible Automation Platform 2.4 for RHEL 8 | 7.1 | High | 2023-12-12 |
| CVE-2023-6709 | Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow — mlflow/mlflow | 9.4 (AI) | Critical (AI) | 2023-12-12 |
| CVE-2023-46245 | Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File — kimai | 7.2 | High | 2023-10-31 |
| CVE-2023-41047 | Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint — OctoPrint | 6.2 | Medium | 2023-10-09 |
| CVE-2023-29297 | Admin-to-admin stored XSS via cache poisoning — Magento Commerce | 9.1 | Critical | 2023-06-15 |
| CVE-2023-2259 | Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io — alfio-event/alf.io | 7.6 | - | 2023-04-24 |
| CVE-2023-27995 | Fortinet FortiSOAR security vulnerability — FortiSOAR | 7.2 | High | 2023-04-11 |
| CVE-2021-4315 | NYUCCL psiTurk experiment.py special elements used in a template engine — psiTurk | 5.5 | Medium | 2023-01-28 |
| CVE-2022-47896 | JetBrains IntelliJ IDEA code injection vulnerability — IntelliJ IDEA | 5.0 | Medium | 2022-12-22 |
| CVE-2022-25813 | Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz — Apache OFBiz | 7.5 | - | 2022-09-02 |
| CVE-2022-27662 | F5 Traffix SDC security vulnerability — Traffix SDC | 4.8 | Medium | 2022-05-05 |
| CVE-2022-0944 | Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad — sqlpad/sqlpad | 7.2 | - | 2022-03-15 |
| CVE-2022-0896 | Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber — microweber/microweber | 7.1 | - | 2022-03-09 |
| CVE-2022-0323 | Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php — bobthecow/mustache.php | 8.8 | - | 2022-01-21 |
| CVE-2021-39128 | Atlassian Jira code injection vulnerability — Jira Server | 7.2 | - | 2021-09-16 |

Vulnerabilities classified as CWE-1336 represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.