CVEs classified under CWE-159, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2019-9505 — CVSS 9.8 (critical): The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for…
CVE-2020-1648 — CVSS 7.5 (high): On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD)…
CVE-2020-1646 — CVSS 7.5 (high): On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process…
CVE-2026-35536 — CVSS 7.2 (high): In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cook…
CVE-2026-2636 — CVSS 5.5 (medium): This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an…
CVE-2021-42375 — CVSS 5.5 (medium): An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due…
CVE-2021-21707 — CVSS 5.3 (medium): In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file()…
CVE-2020-29022 — CVSS 5.3 (medium): Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning…
CVE-2025-61984 — CVSS 3.6 (low): ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially…
CVE-2025-52884: RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains…