Weaknesses of type CWE-115
27 results

CVE-2020-27846 | — | A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threa | EPSS 4.8%
CVE-2018-12116 | — | Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provid | EPSS 4.6%
CVE-2018-12123 | — | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Nod | EPSS 4.0%
CVE-2018-7159 | — | The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 | EPSS 3.6%
CVE-2020-29509 | CRITICAL | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization | EPSS 2.1%
CVE-2020-29510 | CRITICAL | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-t | EPSS 2.0%
CVE-2020-29511 | CRITICAL | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization ro | EPSS 1.9%
CVE-2021-1587 | HIGH | Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability | EPSS 1.7%
CVE-2021-21366 | MEDIUM | Misinterpretation of malicious XML input | EPSS 1.3%
CVE-2021-0207 | HIGH | NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series: Certain genuine traffic received by the Junos OS device will be discarded instead of forwarded. | EPSS 1.3%
CVE-2024-11169 | HIGH | Unhandled Exception Leading to Server Crash in danny-avila/librechat | EPSS 0.9%
CVE-2022-1233 | MEDIUM | URL Confusion When Scheme Not Supplied in medialize/uri.js | EPSS 0.8%
CVE-2025-25069 | MEDIUM | Apache Kvrocks: Cross-Protocol Scripting Vulnerability | EPSS 0.7%
CVE-2022-21672 | MEDIUM | /etc/pki/tls and /etc/ssl/certs include distrusted certificates in make-ca | EPSS 0.7%
CVE-2023-0880 | HIGH | Misinterpretation of Input in thorsten/phpmyfaq | EPSS 0.6%
CVE-2025-55303 | MEDIUM | Unauthorized third-party images in Astro’s _image endpoint | EPSS 0.6%
CVE-2022-3224 | CRITICAL | Misinterpretation of Input in ionicabizau/parse-url | EPSS 0.6%
CVE-2025-32908 | HIGH | Libsoup: denial of service on libsoup through http/2 server | EPSS 0.5%
CVE-2025-54584 | HIGH | GitProxy is vulnerable to a packfile parsing exploit | EPSS 0.5%
CVE-2023-32260 | MEDIUM | A potential Misinterpretation of Input vulnerability has been identified in SMAX, AMX, and HCMX products. | EPSS 0.4%