CWE-138
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-138 (page 1 of 1)
- CVE-2016-0750 | MEDIUM | CVSS 4.2 | EG 8.8 | 2018-09-11
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote c…
- CVE-2022-0024 | HIGH | CVSS 7.2 | EG 7.2 | 2022-05-11
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary c…
- CVE-2022-2429 | MEDIUM | CVSS 6.5 | EG 8.0 | 2022-09-06
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as …
- CVE-2023-1279 | LOW | CVSS 2.6 | EG 2.6 | 2023-09-01
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would re…
- CVE-2023-22288 | MEDIUM | CVSS 4.1 | EG 5.4 | 2023-03-20
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
- CVE-2023-42117 | CRITICAL | CVSS 9.8 | EG 8.1 | 2024-05-03
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vu…
- CVE-2023-4522 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-30
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit.
- CVE-2023-7012 | CRITICAL | CVSS 9.6 | EG 7.5 | 2024-07-16
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security…
- CVE-2024-38133 | HIGH | CVSS 7.8 | EG 7.8 | 2024-08-13
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-51500 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-04
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential …
- CVE-2025-48939 | MEDIUM | CVSS 4.2 | EG 4.2 | 2025-07-03
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual <script> ele…
- CVE-2025-5878 | HIGH | CVSS 7.3 | EG 7.3 | 2025-06-29
A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The …
- CVE-2026-26129 | HIGH | CVSS 7.5 | EG 7.5 | 2026-05-07
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- CVE-2026-32178 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-14
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
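CSV injection, the weakness behind the CVE-2022-2429 entry above, is the spreadsheet flavour of CWE-138: a cell that begins with `=`, `+`, `-`, `@`, a tab or a carriage return is evaluated as a formula when the exported file is opened, and quoting the field does not help because the spreadsheet strips the quotes before deciding. The block below is an added Python example, not code from that plugin or from any project in this list. The sample rows are constructed, and the single-quote prefix is the generic mitigation for this cell class rather than the fix taken from any advisory. It also shows the trade-off a practitioner has to accept: legitimate values such as a `+`-prefixed phone number get the same prefix, so only string fields are touched and true numbers pass through unchanged.

```python
"""Neutralizing spreadsheet formula triggers in a CSV export (CWE-138 example)."""
import csv
import io

# First characters that Excel, LibreOffice and Google Sheets treat as the
# start of a formula. Tab and carriage return are included because they are
# commonly used to slip past naive "starts with '='" checks.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_trigger(cell) -> bool:
    """True if a spreadsheet would interpret this cell as a formula."""
    return isinstance(cell, str) and cell.startswith(FORMULA_TRIGGERS)


def neutralize_cell(cell):
    """Prefix formula-triggering strings with a single quote so the
    spreadsheet renders them as literal text. Non-string values (real
    numbers coming from the database) pass through unchanged; only text
    that merely looks like a number or a phone prefix is touched."""
    if is_formula_trigger(cell):
        return "'" + cell
    return cell


def export_rows(rows, neutralize=True) -> str:
    """Serialize rows to CSV. QUOTE_ALL is used for readability, not as a
    defense: spreadsheets drop the quotes before evaluating the cell, so
    the neutralization prefix is the part that actually matters."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(c) for c in row] if neutralize else row)
    return buf.getvalue()


def find_formula_cells(csv_text: str):
    """Audit an existing export: return (row, col, value) for every cell
    that would be evaluated as a formula when the file is opened."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_trigger(cell):
                hits.append((r, c, cell))
    return hits


# Constructed sample: customer records as a notification plugin might export
# them, with one attacker-controlled name field and a legitimate "+" phone.
SAMPLE_ROWS = [
    ["name", "phone", "note"],
    ["Alice", "+15550100", "prefers sms"],
    ['=HYPERLINK("https://example.com/phish","Open invoice")', "5550101", "-"],
    ["Bob", "5550102", "@channel"],
]

if __name__ == "__main__":
    unsafe = export_rows(SAMPLE_ROWS, neutralize=False)
    safe = export_rows(SAMPLE_ROWS)
    print("cells evaluated in unsafe export:", find_formula_cells(unsafe))
    print("cells evaluated in safe export:", find_formula_cells(safe))
    print(safe)
```

`find_formula_cells` is the check to run over an export you did not produce yourself; it flags four cells in the unneutralized sample (the phone, the HYPERLINK payload, the bare `-` and the `@channel` note) and none after `neutralize_cell` has been applied.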
Map vulnerabilities like CWE-138 to your infrastructure
EchelonGraph correlates every CVE — across CWE-138 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.