Weaknesses of type CWE-1336

179 results
CVE-2025-54287 | HIGH | Arbitrary File Read via Template Injection in Snapshot Patterns | EPSS 0.3%
CVE-2026-42203 | HIGH | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | EPSS 0.3%
CVE-2025-6518 | MEDIUM | PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine | EPSS 0.3%
CVE-2026-27961 | HIGH | Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE | EPSS 0.3%
CVE-2025-66298 | HIGH | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | EPSS 0.3%
CVE-2026-5559 | MEDIUM | AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine | EPSS 0.3%
CVE-2026-6984 | MEDIUM | AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine | EPSS 0.3%
CVE-2024-58293 | HIGH | Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields | EPSS 0.3%
CVE-2025-49142 | MEDIUM | Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating | EPSS 0.3%
CVE-2026-9498 | MEDIUM | Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine | EPSS 0.3%
CVE-2026-45312 | CRITICAL | RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution | EPSS 0.3%
CVE-2025-46699 | MEDIUM | Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vul | EPSS 0.3%
CVE-2024-57177 | HIGH | A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header | EPSS 0.3%
CVE-2025-66435 | MEDIUM | An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of Frappe ERPNext through 15.89.0. The fun | EPSS 0.3%
CVE-2025-66436 | MEDIUM | An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The | EPSS 0.3%
CVE-2026-52796 | LOW | Gogs: DoS in rendering issue index pattern | EPSS 0.3%
CVE-2023-47542 | MEDIUM | A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 | EPSS 0.3%
CVE-2025-9094 | MEDIUM | ThingsBoard Add Gateway special elements used in a template engine | EPSS 0.3%
CVE-2026-34724 | HIGH | Zammad has a server-side template injection leading to RCE via AI Agent | EPSS 0.3%
CVE-2026-40087 | MEDIUM | LangChain has incomplete f-string validation in prompt templates | EPSS 0.3%