Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

155 vulnerabilities with CWE-1336

CVE-2025-23211 CRITICAL

Tandoor Recipes <1.5.24 - RCE

CVE-2024-58303 HIGH

FoF Pretty Mail 1.1.2 - Code Injection

CVE-2024-58293 HIGH

Akaunting 3.1.8 - Code Injection

CVE-2024-8238 HIGH

aimhubio/aim <3.22.0 - RCE

CVE-2024-9150 HIGH

Wyn Enterprise <8.0.00204.0 - Code Injection

CVE-2024-57177 HIGH

perfood/couch-auth <= 0.21.2 - SSRF

CVE-2024-54954 HIGH

OneBlog v2.3.6 - Code Injection

CVE-2024-12583 CRITICAL

Dynamics 365 Integration plugin - RCE

CVE-2024-56326 HIGH

Jinja <3.1.5 - RCE

CVE-2024-55660 CRITICAL

SiYuan <3.1.16 - SSRF

CVE-2024-55652 MEDIUM

PenDoc <1d4219c596f4f518798492e48386a20c6 - Code Injection

CVE-2024-30372 MEDIUM

Alltena Allegra < 7.5.1 - Remote Code Execution

CVE-2024-48962 HIGH

Apache Ofbiz < 18.12.17 - CSRF

CVE-2024-39766 HIGH

Intel(R) Neural Compressor <v3.0 - Privilege Escalation

CVE-2024-46366 HIGH

Webkul Krayin Crm - Privilege Escalation

CVE-2024-45053 CRITICAL

Fides <2.44.0 - SSRF

CVE-2024-6386 CRITICAL

WPML <4.6.12 - RCE

CVE-2024-42356 HIGH

Shopware <6.6.5.1-6.5.8.13 - Code Injection

CVE-2024-42355 HIGH

Shopware <6.6.5.1-6.5.8.13 - Code Injection

CVE-2024-41950 HIGH

Pypi Haystack-ai < 2.3.1 - Remote Code Execution

CVE-2024-38363 HIGH

Airbyte - Authenticated RCE

CVE-2024-37621 HIGH

StrongShop v1.0 - SSRF

CVE-2024-37301 HIGH

Pypi Document-merge-service < 6.5.2 - Remote Code Execution

CVE-2024-23692 CRITICAL KEV

Rejetto HTTP File Server - Template injection

CVE-2024-34710 HIGH

Wiki.js <2.5.303 - XSS

Previous Page 5 of 7 Next

Details

Vulnerabilities 155

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy