CWE-1336 · Improper Neutralization of Special Elements Used in a Template Engine

179 CVEs classified under CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine).

Top CVEs for CWE-1336
CVE · Severity · Score · Published · Summary

CVE-2025-53833 · Critical · 10.0 · 2025-07-14 · LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side…
CVE-2025-47916 · Critical · 10.0 · 2025-05-16 · Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor contr…
CVE-2025-46661 · Critical · 10.0 · 2025-04-28 · IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions…
CVE-2024-32651 · Critical · 10.0 · 2024-04-26 · changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Inje…
CVE-2026-45312 · Critical · 9.9 · 2026-05-29 · RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/…
CVE-2026-9558 · Critical · 9.9 · 2026-05-29 · A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict…
CVE-2026-33897 · Critical · 9.9 · 2026-03-26 · Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary reads or writes as root…
CVE-2026-1868 · Critical · 9.9 · 2026-02-09 · GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6…
CVE-2025-14700 · Critical · 9.9 · 2025-12-17 · An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code exe…
CVE-2025-32461 · Critical · 9.9 · 2025-04-09 · wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2…
CVE-2025-23211 · Critical · 9.9 · 2025-01-28 · Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute com…
CVE-2024-12583 · Critical · 9.9 · 2025-01-04 · The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 v…
CVE-2024-6386 · Critical · 9.9 · 2024-08-21 · The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This…
CVE-2026-54390 · Critical · 9.8 · 2026-06-18 · JTL Shop versions 5.2.0 through 5.7.1 contain a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious templat…
CVE-2026-45697 · Critical · 9.8 · 2026-05-29 · Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default…
CVE-2026-33654 · Critical · 9.8 · 2026-03-27 · nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/…
CVE-2026-27641 · Critical · 9.8 · 2026-02-25 · Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attacke…
CVE-2026-25526 · Critical · 9.8 · 2026-02-04 · JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulne…
CVE-2025-64087 · Critical · 9.8 · 2026-01-20 · A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitra…
CVE-2026-21450 · Critical · 9.8 · 2026-01-02 · Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can l…