CVEs classified under CWE-1336, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-53833 — CVSS 10.0 (critical): LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are…
CVE-2024-32651 — CVSS 10.0 (critical): changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a…
CVE-2026-45312 — CVSS 9.9 (critical): RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt…
CVE-2026-9558 — CVSS 9.9 (critical): A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without…
CVE-2026-33897 — CVSS 9.9 (critical): Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary…
CVE-2026-1868 — CVSS 9.9 (critical): GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway…
CVE-2025-14700 — CVSS 9.9 (critical): An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to…
CVE-2025-32461 — CVSS 9.9 (critical): wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are…
CVE-2024-12583 — CVSS 9.9 (critical): The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and…
CVE-2026-54390 — CVSS 9.8 (critical): JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to…
CVE-2026-25526 — CVSS 9.8 (critical): JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and…
CVE-2025-64087 — CVSS 9.8 (critical): A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows…
CVE-2026-21450 — CVSS 9.8 (critical): Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type…
CVE-2026-21448 — CVSS 9.8 (critical): Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a…
CVE-2025-60355 — CVSS 9.8 (critical): zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2025-59340 — CVSS 9.8 (critical): jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Priori to 2.8.1, by using…
CVE-2024-24724 — CVSS 9.8 (critical): Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution…
CVE-2026-28496: FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection…
CVE-2026-34906: Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In…
CVE-2026-42252 — CVSS 9.1 (critical): Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim…
CVE-2026-39980 — CVSS 9.1 (critical): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file…
CVE-2026-28697 — CVSS 9.1 (critical): Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code…
CVE-2025-37729 — CVSS 9.1 (critical): Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with…
CVE-2025-53909 — CVSS 9.1 (critical): mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists…
CVE-2023-29297 — CVSS 9.1 (critical): Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of…
CVE-2025-68929 — CVSS 9.0 (critical): Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions…
CVE-2025-49136 — CVSS 9.0 (critical): listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env`…
CVE-2026-41065: Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code…
CVE-2026-42203 — CVSS 8.8 (high): LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the…
CVE-2026-35044 — CVSS 8.8 (high): BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile…
CVE-2026-34172 — CVSS 8.8 (high): Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1…
CVE-2026-28228 — CVSS 8.8 (high): OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31…
CVE-2026-27961 — CVSS 8.8 (high): Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in…
CVE-2025-69516 — CVSS 8.8 (high): A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting…
CVE-2025-68454 — CVSS 8.8 (high): Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to…
CVE-2026-21449 — CVSS 8.8 (high): Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first…
CVE-2025-66297 — CVSS 8.8 (high): Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav…
CVE-2025-10380 — CVSS 8.8 (high): The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all…
CVE-2025-49828 — CVSS 8.8 (high): Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets…
CVE-2025-1040 — CVSS 8.8 (high): AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution…
CVE-2025-27516 — CVSS 8.8 (high): Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr…
CVE-2024-46366 — CVSS 8.8 (high): A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side…
CVE-2023-6743 — CVSS 8.8 (high): The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all…
CVE-2023-6709 — CVSS 8.8 (high): Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2024-9150: Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An…
CVE-2026-26938 — CVSS 8.6 (high): Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an…
CVE-2024-58303: FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code…
CVE-2024-58293: Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template…
CVE-2026-32261: Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain…