Weaknesses of type CWE-1336
179 results

CVE | Severity | Title | EPSS
CVE-2026-27641 | CRITICAL | Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection | 1.0%
CVE-2024-37301 | HIGH | document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection | 1.0%
CVE-2023-6709 | CRITICAL | Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow | 0.9%
CVE-2021-4315 | MEDIUM | NYUCCL psiTurk experiment.py special elements used in a template engine | 0.9%
CVE-2026-25526 | CRITICAL | JinJava Bypass through ForTag leads to Arbitrary Java Execution | 0.9%
CVE-2025-62369 | HIGH | Xibo CMS: Remote Code Execution through module templates | 0.9%
CVE-2025-49136 | CRITICAL | listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user | 0.9%
CVE-2024-42355 | HIGH | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag | 0.9%
CVE-2024-25624 | MEDIUM | iris-web vulnerable to Server Side Template Injection in reports | 0.9%
CVE-2026-21448 | HIGH | Bagisto has Normal & Blind SSTI from low-privilege user when ordering product | 0.8%
CVE-2025-57811 | MEDIUM | Craft Potential Remote Code Execution via Twig SSTI | 0.8%
CVE-2025-68454 | MEDIUM | Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI | 0.8%
CVE-2025-32461 | CRITICAL | wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are | 0.8%
CVE-2026-22244 | HIGH | OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE | 0.8%
CVE-2026-44377 | CRITICAL | CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE | 0.7%
CVE-2026-34202 | CRITICAL | Zebra node crash — V5 transaction hash panic (P2P reachable) | 0.7%
CVE-2024-8238 | MEDIUM | Unrestricted Code Execution in aimhubio/aim | 0.7%
CVE-2024-37621 | HIGH | StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/inde | 0.7%
CVE-2022-0323 | MEDIUM | Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php | 0.7%
CVE-2026-2969 | MEDIUM | datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine | 0.7%