Weaknesses of type CWE-943
57 resultsCVE-2026-41696MEDIUMSpring Data MongoDB Bind Parameter Literal Quoting BreakoutEPSS 0.3%CVE-2026-47835HIGHSpring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector StoresEPSS 0.3%CVE-2026-44425MEDIUMShellHub: Crash-DoS via field injection in filter and sort-by parametersEPSS 0.3%CVE-2026-47181HIGHPenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account TakeoverEPSS 0.3%CVE-2026-6626MEDIUMCockpit-HQ Cockpit Asset Handler/Aggregate data query logic injectionEPSS 0.2%CVE-2026-41697MEDIUMSpring Data Relational Parameter not Escaped for Query By Example LIKE PatternEPSS 0.2%CVE-2025-42884MEDIUMJNDI Injection vulnerability in SAP NetWeaver Enterprise PortalEPSS 0.2%CVE-2026-3021HIGHNon-relational SQL injection vulnerability (NoSQLi) in the Wakyma application webEPSS 0.2%CVE-2026-3022HIGHNon-relational SQL injection vulnerability (NoSQLi) in the Wakyma application webEPSS 0.2%CVE-2025-23292MEDIUMNVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an auEPSS 0.2%CVE-2026-28211HIGHArbitrary code execution in log reader via untrusted log fileEPSS 0.2%CVE-2026-31825MEDIUMSylius has a DQL Injection via API Order FiltersEPSS 0.2%CVE-2026-33566MEDIUMThere is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of theEPSS 0.2%CVE-2026-0504LOWInsufficient Input Handling in JNDI Operations of SAP Identity ManagementEPSS 0.2%CVE-2026-49482MEDIUMClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle OverwriteEPSS 0.2%CVE-2025-36353MEDIUMIBM Db2 Denial of ServiceEPSS 0.2%CVE-2025-36185MEDIUMIBM Db2 denial of serviceEPSS 0.1%