Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

155 vulnerabilities with CWE-1336

CVE-2025-64087 CRITICAL

opensagres XDocReport <2.1.0 - SSTI

CVE-2025-68454 HIGH

Craftcms Craft Cms < 4.16.17 - Remote Code Execution

CVE-2025-68929 CRITICAL

Frappe <14.99.6-15.88.1 - Authenticated RCE

CVE-2025-67843 HIGH

Mintlify Platform <2025-11-15 - SSTI

CVE-2025-14700 CRITICAL

Craftycontrol Crafty Controller - Remote Code Execution

CVE-2025-14731 MEDIUM

CTCMS Content Management System <2.1.2 - XSS

CVE-2025-66438 HIGH

ERPNext <15.89.0 - SSTI

CVE-2025-66437 HIGH

ERPNext <15.89.0 - SSRF

CVE-2025-66436 MEDIUM

Frappe ERPNext <15.89.0 - SSRF

CVE-2025-66435 MEDIUM

Frappe ERPNext <15.89.0 - SSRF

CVE-2025-66434 HIGH

Frappe ERPNext <15.89.0 - SSRF

CVE-2025-65602 CRITICAL

ChanCMS 3.3.4 - Code Injection

CVE-2025-66299 HIGH

Grav <1.8.0-beta.27 - SSRF

CVE-2025-66298 HIGH

Grav <1.8.0-beta.27 - Info Disclosure

CVE-2025-66297 HIGH

Grav <1.8.0-beta.27 - RCE/Privilege Escalation

CVE-2025-66294 HIGH

Grav <1.8.0-beta.27 - SSTI

CVE-2025-66361 MEDIUM

Logpoint <7.7.0 - Info Disclosure

CVE-2025-65106 HIGH

LangChain <1.0.6 - Code Injection

CVE-2025-62369 HIGH

Xibo < 4.3.1 - Remote Code Execution

CVE-2025-60355 CRITICAL

zhangyd-c OneBlog <2.3.9 - Server-Side Template Injection

CVE-2025-62416 MEDIUM

Webkul Bagisto < 2.3.8 - Remote Code Execution

CVE-2025-37729 CRITICAL

Elastic Cloud Enterprise - Info Disclosure

CVE-2025-54287 MEDIUM

Canonical LXD >=4.0 - Info Disclosure

CVE-2025-10380 HIGH

Advanced Views - Server-Side Template Injection

CVE-2025-59340 CRITICAL

Hubspot Jinjava < 2.8.1 - Remote Code Execution

Previous Page 3 of 7 Next

Details

Vulnerabilities 155

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy