CVEs classified under CWE-75, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2026-29042 — CVSS 9.8 (critical): Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component…
CVE-2025-50213 — CVSS 9.8 (critical): Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers…
CVE-2021-22910 — CVSS 9.8 (critical): A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which…
CVE-2021-22911 — CVSS 9.8 (critical): A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL…
CVE-2026-31908 — CVSS 9.1 (critical): Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject…
CVE-2022-24039 — CVSS 9.0 (critical): A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884)…
CVE-2024-37779 — CVSS 8.8 (high): WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant…
CVE-2024-31809 — CVSS 8.8 (high): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in…
CVE-2021-39174 — CVSS 8.8 (high): Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin)…
CVE-2022-48217 — CVSS 8.1 (high): The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in…
CVE-2024-24257 — CVSS 7.5 (high): An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information…
CVE-2024-0801 — CVSS 7.5 (high): A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
CVE-2024-27622 — CVSS 7.2 (high): A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This…
CVE-2025-61911 — CVSS 6.5 (medium): python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method…
CVE-2024-31812 — CVSS 6.5 (medium): In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function…
CVE-2024-31806 — CVSS 6.5 (medium): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which…
CVE-2026-27120 — CVSS 6.1 (medium): Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special…
CVE-2023-1758 — CVSS 5.4 (medium): Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to…
CVE-2022-4721 — CVSS 5.4 (medium): Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to…
CVE-2016-9471 — CVSS 3.1 (low): Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on…