CVEs classified under CWE-150, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2022-30123 — CVSS 10.0 (critical): A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint…
CVE-2020-6932 — CVSS 10.0 (critical): An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development…
CVE-2025-47284 — CVSS 9.9 (critical): Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in…
CVE-2023-26055 — CVSS 9.9 (critical): XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can…
CVE-2026-25996 — CVSS 9.8 (critical): Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using…
CVE-2025-25286 — CVSS 9.8 (critical): Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version…
CVE-2023-3265 — CVSS 9.8 (critical): An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an…
CVE-2025-55754 — CVSS 9.6 (critical): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences…
CVE-2026-26149 — CVSS 9.0 (critical): Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing…
CVE-2025-0975 — CVSS 8.8 (high): IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of…
CVE-2024-56201 — CVSS 8.8 (high): Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that…
CVE-2024-27936 — CVSS 8.8 (high): Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of…
CVE-2023-28446 — CVSS 8.8 (high): Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names…
CVE-2026-45038 — CVSS 7.8 (high): Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from…
CVE-2024-47252 — CVSS 7.5 (high): Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to…
CVE-2024-36052 — CVSS 7.5 (high): RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than…
CVE-2026-21521 — CVSS 7.4 (high): Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a…
CVE-2024-33899 — CVSS 7.1 (high): RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI…
CVE-2025-62845 — CVSS 6.7 (medium): An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains…
CVE-2026-41526 — CVSS 6.5 (medium): In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This…
CVE-2025-65082 — CVSS 6.5 (medium): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the…
CVE-2023-40185 — CVSS 6.5 (medium): shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The…
CVE-2025-1692 — CVSS 6.3 (medium): The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could…
CVE-2026-21439 — CVSS 5.3 (medium): badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker…
CVE-2026-47090 — CVSS 4.6 (medium): Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl…
CVE-2025-64494 — CVSS 4.6 (medium): Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can…
CVE-2026-35651 — CVSS 4.3 (medium): OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows…
CVE-2025-1693 — CVSS 3.9 (low): The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can…
CVE-2023-39342 — CVSS 3.6 (low): Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI…
CVE-2026-45803 — CVSS 3.5 (low): `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that…
CVE-2026-40505 — CVSS 3.3 (low): MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences…
CVE-2024-28085 — CVSS 3.3 (low): wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals…
CVE-2021-25743 — CVSS 3.0 (low): kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not…
CVE-2025-55193: Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or…
CVE-2024-58251 — CVSS 2.5 (low): In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape…
CVE-2024-43785 — CVSS 2.5 (low): gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of…
CVE-2025-58160: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20…
CVE-2026-49147: App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack…