Weaknesses of type CWE-138
13 resultsCVE-2023-42117HIGHExim Improper Neutralization of Special Elements Remote Code Execution VulnerabilityEPSS 5.7%CVE-2016-0750MEDIUMThe hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A maliciousEPSS 2.4%CVE-2022-0024HIGHPAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration CommitEPSS 1.4%CVE-2026-26129HIGHM365 Copilot Information Disclosure VulnerabilityEPSS 1.1%CVE-2026-32178HIGH.NET Spoofing VulnerabilityEPSS 1.1%CVE-2024-38133HIGHWindows Kernel Elevation of Privilege VulnerabilityEPSS 0.7%CVE-2022-2429MEDIUMUltimate SMS Notifications for WooCommerce <= 1.4.1 - CSV InjectionEPSS 0.7%CVE-2024-51500MEDIUMFailure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmwareEPSS 0.4%CVE-2025-5878MEDIUMESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special elementEPSS 0.4%CVE-2023-22288MEDIUMEmail HTML InjectionEPSS 0.4%CVE-2026-20009MEDIUMCisco Secure Firewall Adaptive Security Appliance SSH Partial Private Key Authentication Bypass VulnerabilityEPSS 0.4%CVE-2023-7012HIGHInsufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to instaEPSS 0.3%CVE-2025-48939MEDIUMtarteaucitron.js vulnerable to DOM Clobbering via document.currentScriptEPSS 0.2%