CWE-75
17 CVEs classified under CWE-75. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-1758 | High | 8.9 | 2023-04-05 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. |
| CVE-2021-39174 | High | 8.8 | 2021-08-27 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of… |
| CVE-2023-0302 | High | 8.6 | 2023-01-15 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. |
| CVE-2022-4721 | Medium | 6.6 | 2022-12-23 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
| CVE-2026-27120 | Medium | 6.1 | 2026-02-20 | Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended g… |
| CVE-2022-3607 | Medium | 6.0 | 2022-10-19 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. |
| CVE-2024-9940 | Medium | 5.3 | 2024-10-17 | The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not pro… |
| CVE-2016-9471 | Low | 3.1 | 2017-03-28 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver in… |
| CVE-2026-31908 | | | 2026-04-14 | Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. … |
| CVE-2026-29042 | | | 2026-03-06 | Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command in… |
| CVE-2025-61911 | | | 2025-10-10 | python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_fi… |
| CVE-2025-50213 | | | 2025-06-24 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affect… |
| CVE-2023-27533 | | | 2023-03-30 | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted use… |
| CVE-2023-23912 | | | 2023-02-09 | A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix… |
| CVE-2022-24039 | | | 2022-05-10 | A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaSc… |
| CVE-2021-22910 | | | 2021-08-09 | A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL… |
| CVE-2021-22911 | | | 2021-05-27 | A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potent… |