Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

175 vulnerabilities with CWE-1336

CVE-2025-34300 CRITICAL

Template Injection Vulnerability in Sawtooth Software

CVE-2025-49828 HIGH

Conjur 1.19.5-1.21.1 and 13.1-13.4.1 - Authenticated Remote Code Execution via Template Injection

CVE-2025-53833 CRITICAL

LaRecipe < 2.8.1 - Server-Side Template Injection

CVE-2025-6761 HIGH

Kingdee Cloud-Starry-Sky Enterprise Edition - XSS

CVE-2025-6518 MEDIUM

PySpur-Dev <0.1.18 - Improper Neutralization

CVE-2025-49142 HIGH

Nautobot <2.4.10-1.6.32 - Code Injection

CVE-2025-49136 CRITICAL

listmonk 4.0.0-5.0.1 - Unauthenticated Sensitive Environment Variable Exposure via Template Function

CVE-2025-49619 HIGH

Skyvern SSTI Remote Code Execution

CVE-2025-5325 MEDIUM

zhilink ADP Application Developer Platform <1.0.0 - XSS

CVE-2025-47916 CRITICAL

Invisioncommunity < 5.0.7 - Remote Code Execution

CVE-2025-46731 HIGH

Craft CMS <4.14.13, <5.6.16 - Authenticated RCE

CVE-2025-23376 LOW

Dell PowerProtect Data Manager 19.16-19.18 - Information Disclosure via Template Injection

CVE-2025-46661 CRITICAL

IPW Systems Metazo < 8.1.13 - Unauthenticated Remote Code Execution via Smarty Template Injection

CVE-2025-3841 LOW

wix-incubator jam <e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9 - Impro...

CVE-2025-32461 CRITICAL

Tiki < 21.12, 22-24.7, 25-27.1, 28-28.2 - Remote Code Execution via wikiplugin_includetpl Eval

CVE-2025-1040 HIGH

AutoGPT < 0.4.0 - Server-Side Template Injection via AgentOutputBlock Format String

CVE-2025-26865 LOW

Apache OFBiz <18.12.18 - Info Disclosure

CVE-2025-2040 MEDIUM

zhijiantianya ruoyi-vue-pro 2.4.1 - XSS

CVE-2025-27516 HIGH

Jinja < 3.1.6 - Remote Code Execution via |attr Filter Sandbox Bypass

CVE-2025-26789 MEDIUM

Logpoint AgentX <1.5.0 - Info Disclosure

CVE-2025-23211 CRITICAL

Tandoor Recipes < 1.5.24 - Authenticated Server-Side Template Injection via Jinja2

CVE-2024-58303 HIGH

FoF Pretty Mail 1.1.2 - Code Injection

CVE-2024-58293 HIGH

Akaunting 3.1.8 - Authenticated Server-Side Template Injection via Form Input Fields

CVE-2024-8238 HIGH

Aim < 3.22.0 AimQL str.format_map - RestrictedPython Code Execution

CVE-2024-9150 HIGH

Wyn Enterprise <8.0.00204.0 - Code Injection

Previous Page 5 of 7 Next

Details

Vulnerabilities 175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy