CWE-150
50 CVEs classified under CWE-150. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-26055 | Critical | 10.0 | 2023-03-02 | XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profil… |
| CVE-2020-6932 | Critical | 10.0 | 2020-08-12 | An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0… |
| CVE-2025-47284 | Critical | 9.9 | 2025-05-19 | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` comp… |
| CVE-2025-25286 | Critical | 9.8 | 2025-02-13 | Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code e… |
| CVE-2023-3265 | Critical | 9.8 | 2023-08-14 | An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login int… |
| CVE-2017-0899 | Critical | 9.8 | 2017-08-31 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specifica… |
| CVE-2024-32986 | Critical | 9.7 | 2024-05-03 | PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as… |
| CVE-2025-55754 | Critical | 9.6 | 2025-10-27 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If… |
| CVE-2026-26149 | Critical | 9.0 | 2026-04-14 | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. |
| CVE-2025-0975 | High | 8.8 | 2025-02-28 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. |
| CVE-2024-27936 | High | 8.8 | 2024-03-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, mal… |
| CVE-2023-28446 | High | 8.8 | 2023-03-24 | Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering… |
| CVE-2026-3108 | High | 8.0 | 2026-03-26 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl comman… |
| CVE-2026-45038 | High | 7.8 | 2026-05-15 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dra… |
| CVE-2025-15311 | High | 7.8 | 2026-02-05 | Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. |
| CVE-2026-21521 | High | 7.4 | 2026-01-22 | Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-41526 | Medium | 6.5 | 2026-04-28 | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not ad… |
| CVE-2024-9774 | Medium | 6.5 | 2024-12-27 | A vulnerability was found in python-sql where unary operators do not escape non-Expression. |
| CVE-2023-40185 | Medium | 6.5 | 2023-08-23 | shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result… |
| CVE-2025-1692 | Medium | 6.3 | 2025-02-27 | The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text… |