CWE-138
12 CVEs classified under CWE-138.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-42117 | High | 8.1 | 2024-05-03 | Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on a… |
| CVE-2024-38133 | High | 7.8 | 2024-08-13 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-26129 | High | 7.5 | 2026-05-07 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information ove… |
| CVE-2026-32178 | High | 7.5 | 2026-04-14 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-5878 | High | 7.3 | 2025-06-29 | A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection… |
| CVE-2022-0024 | High | 7.2 | 2022-05-11 | A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created… |
| CVE-2023-22288 | Medium | 6.8 | 2023-03-20 | HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML int… |
| CVE-2022-2429 | Medium | 6.5 | 2022-09-06 | The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Util… |
| CVE-2026-20009 | Medium | 5.3 | 2026-03-04 | A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA)… |
| CVE-2024-51500 | Medium | 5.3 | 2024-11-04 | Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadca… |
| CVE-2025-48939 | Medium | 4.2 | 2025-07-03 | tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.curren… |
| CVE-2016-0750 | Medium | 4.2 | 2018-09-11 | The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit… |