CVEs classified under CWE-140, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-32918 — CVSS 8.8 (high): Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6…
CVE-2024-38865 — CVSS 8.8 (high): Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and…
CVE-2025-47779 — CVSS 7.7 (high): Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions…
CVE-2026-33456 — CVSS 7.6 (high): Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the…
CVE-2023-6157 — CVSS 7.6 (high): Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary…
CVE-2023-6156 — CVSS 7.6 (high): Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15…
CVE-2024-38866 — CVSS 7.5 (high): Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection
CVE-2025-48879 — CVSS 6.5 (medium): OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated…
CVE-2024-6542 — CVSS 6.5 (medium): Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows…
CVE-2026-33457 — CVSS 6.3 (medium): Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject…
CVE-2026-33455 — CVSS 6.3 (medium): Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via…
CVE-2025-52989 — CVSS 5.1 (medium): An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local…
CVE-2024-42482 — CVSS 4.8 (medium): fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the `pattern`…
CVE-2024-42392 — CVSS 4.0 (medium): Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the…
CVE-2024-42385 — CVSS 4.0 (medium): Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if…