CVEs classified under CWE-138, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-42117 — CVSS 9.8 (critical): Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2026-26129 — CVSS 7.5 (high): Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to…
CVE-2026-32178 — CVSS 7.5 (high): Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2022-0024 — CVSS 7.2 (high): A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a…
CVE-2026-20009 — CVSS 5.3 (medium): A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive…
CVE-2024-51500 — CVSS 5.3 (medium): Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from…
CVE-2025-48939 — CVSS 4.2 (medium): tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js…