Flaws of type CWE-1336
179 results

CVE-2024-38363 | HIGH | Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte | EPSS 0.7%
CVE-2024-55652 | MEDIUM | PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters | EPSS 0.7%
CVE-2025-66297 | HIGH | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | EPSS 0.7%
CVE-2026-40477 | CRITICAL | Improper restriction of the scope of accessible objects in Thymeleaf expressions | EPSS 0.6%
CVE-2024-42356 | HIGH | Shopware vulnerable to Server Side Template Injection in Twig using Context functions | EPSS 0.6%
CVE-2025-46661 | CRITICAL | IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide te | EPSS 0.6%
CVE-2025-26865 | LOW | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE | EPSS 0.6%
CVE-2026-11407 | HIGH | Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed | EPSS 0.6%
CVE-2025-12107 | HIGH | Potential authenticated Server-Side Template Injection (SSTI) vulnerability. | EPSS 0.6%
CVE-2026-34172 | HIGH | Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment | EPSS 0.6%
CVE-2024-48962 | HIGH | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | EPSS 0.6%
CVE-2024-55660 | MEDIUM | SiYuan has an SSTI via /api/template/renderSprig | EPSS 0.6%
CVE-2026-40478 | CRITICAL | Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf | EPSS 0.6%
CVE-2025-52122 | CRITICAL | Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a Server-side template injection (SSTI) vulnerability, resulting in arbit | EPSS 0.6%
CVE-2023-41047 | MEDIUM | Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint | EPSS 0.6%
CVE-2025-37729 | CRITICAL | Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine | EPSS 0.6%
CVE-2026-34906 | CRITICAL | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia | EPSS 0.6%
CVE-2026-28695 | HIGH | Craft affected by authenticated RCE via Twig SSTI - create() function + Symfony Process gadget | EPSS 0.6%
CVE-2026-29207 | MEDIUM | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component | EPSS 0.5%
CVE-2023-5764 | HIGH | Ansible: template injection | EPSS 0.5%