CWE-140
18 CVEs classified under CWE-140. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-31208 | High | 8.3 | 2023-05-17 | Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus com… |
CVE-2025-47779 | High | 7.7 | 2025-05-22 | Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-… |
CVE-2023-6157 | High | 7.6 | 2023-11-22 | Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command… |
CVE-2023-6156 | High | 7.6 | 2023-11-22 | Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary lives… |
CVE-2023-38488 | High | 7.1 | 2023-07-27 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might hav… |
CVE-2025-48879 | Medium | 6.5 | 2025-06-10 | OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-d… |
CVE-2024-6542 | Medium | 6.5 | 2024-07-22 | Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus… |
CVE-2026-21691 | Medium | 5.4 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color manage… |
CVE-2025-52989 | Medium | 5.1 | 2025-07-11 | An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with… |
CVE-2024-42482 | Medium | 4.8 | 2024-08-12 | fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the `pattern` input (specifically the… |
CVE-2024-42392 | Medium | 4.0 | 2024-11-18 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains un… |
CVE-2024-42385 | Medium | 4.0 | 2024-11-18 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate… |
CVE-2026-33457 | | 2026-04-10 | Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus com… | |
CVE-2026-33456 | | 2026-04-10 | Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to… | |
CVE-2026-33455 | | 2026-04-10 | Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due… | |
CVE-2025-32918 | | 2025-07-04 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2… | |
CVE-2024-38866 | | 2025-05-27 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection | |
CVE-2024-38865 | | 2025-04-10 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allow… |