CWE-159
13 CVEs classified under CWE-159. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-1653 | High | 7.5 | 2020-07-17 | On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (… |
| CVE-2020-1648 | High | 7.5 | 2020-07-17 | On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This… |
| CVE-2020-1646 | High | 7.5 | 2020-07-17 | On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and r… |
| CVE-2026-35536 | High | 7.2 | 2026-04-03 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked… |
| CVE-2026-29106 | Medium | 5.9 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the… |
| CVE-2026-2636 | Medium | 5.5 | 2026-02-25 | This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in th… |
| CVE-2024-51500 | Medium | 5.3 | 2024-11-04 | Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadca… |
| CVE-2021-21707 | Medium | 5.3 | 2021-11-29 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filena… |
| CVE-2020-29022 | Medium | 5.3 | 2021-02-16 | Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affect… |
| CVE-2025-61984 | Low | 3.6 | 2025-10-06 | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution… |
| CVE-2025-52884 | | | 2025-06-24 | RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contra… |
| CVE-2021-42375 | | | 2021-11-15 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaki… |
| CVE-2019-9505 | | | 2019-05-08 | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized chang… |