CWE-149
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-149
- CVE-2018-25135 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-24
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or '…
- CVE-2023-36479 | LOW | CVSS 3.5 | EG 3.5 | 2023-09-15
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.serv…
- CVE-2025-1094 | HIGH | CVSS 8.1 | EG 8.1 | 2025-02-13
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns…
- CVE-2025-43878 | MEDIUM | CVSS 6.0 | EG 6.0 | 2025-05-07
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system…
- CVE-2026-42511 | HIGH | CVSS 8.1 | EG 7.3 | 2026-04-30
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, …