CWE-149
5 CVEs classified under CWE-149. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-25135 | Critical | 9.8 | 2025-12-24 | Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user i… |
CVE-2026-42511 | High | 8.1 | 2026-04-30 | The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the… |
CVE-2025-1094 | High | 8.1 | 2025-02-13 | Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() all… |
CVE-2025-43878 | Medium | 6.0 | 2025-05-07 | When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restri… |
CVE-2023-36479 | Low | 3.5 | 2023-09-15 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have t… |