CWE-115
25 CVEs classified under CWE-115. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-29509 | Critical | 9.8 | 2020-12-14 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which… |
CVE-2020-29511 | Critical | 9.8 | 2020-12-14 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which al… |
CVE-2020-29510 | Critical | 9.8 | 2020-12-14 | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows… |
CVE-2022-3224 | Critical | 9.4 | 2022-09-15 | Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. |
CVE-2021-1587 | High | 8.6 | 2021-08-25 | A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated… |
CVE-2023-0880 | High | 8.3 | 2023-02-17 | Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. |
CVE-2025-5747 | High | 8.0 | 2025-06-06 | WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attac… |
CVE-2025-32908 | High | 7.5 | 2025-04-14 | A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a… |
CVE-2024-11169 | High | 7.5 | 2025-03-20 | An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handl… |
CVE-2021-0207 | High | 7.5 | 2021-01-15 | An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain tra… |
CVE-2022-20915 | High | 7.4 | 2022-10-10 | A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adj… |
CVE-2025-68113 | Medium | 6.5 | 2025-12-16 | ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, w… |
CVE-2023-32260 | Medium | 6.5 | 2024-03-19 | Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Ma… |
CVE-2022-1233 | Medium | 6.5 | 2022-04-04 | URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. |
CVE-2022-21672 | Medium | 6.5 | 2022-01-10 | make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make… |
CVE-2025-5826 | Medium | 6.3 | 2025-06-25 | Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to… |
CVE-2023-32228 | Medium | 4.6 | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. |
CVE-2021-21366 | Medium | 4.3 | 2021-03-12 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly pres… |
CVE-2025-55303 | | 2025-08-19 | Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with… | |
CVE-2025-54584 | | 2025-07-30 | GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an attacker can craft a m… |