CVEs classified under CWE-643, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2026-44962 — CVSS 9.9 (critical): Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is…
CVE-2026-24343 — CVSS 8.8 (high): Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache…
CVE-2024-39565 — CVSS 8.8 (high): An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos…
CVE-2020-25162 — CVSS 7.5 (high): A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions…
CVE-2026-40699 — CVSS 6.5 (medium): A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to…
CVE-2025-11844 — CVSS 5.4 (medium): Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in…
CVE-2025-20218 — CVSS 4.9 (medium): A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an…
CVE-2022-43840 — CVSS 4.3 (medium): IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to…