CVEs classified under CWE-149, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2018-25135 — CVSS 9.8 (critical): Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting…
CVE-2026-42511 — CVSS 8.1 (high): The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf…
CVE-2025-1094 — CVSS 8.1 (high): Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and…
CVE-2025-43878 — CVSS 6.0 (medium): When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass…
CVE-2023-36479 — CVSS 3.5 (low): Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command…