CWE-159
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-159page 1 of 1
- CVE-2019-9505CRITICALCVSS 9.8EG 9.82019-05-08
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely e…
- CVE-2020-1646HIGHCVSS 7.5EG 7.52020-07-17
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the B…
- CVE-2020-1648HIGHCVSS 7.5EG 7.52020-07-17
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeat…
- CVE-2020-1653HIGHCVSS 7.5EG 7.52020-07-17
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigge…
- CVE-2020-29022MEDIUMCVSS 5.3EG 5.32021-02-16
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
- CVE-2021-21707MEDIUMCVSS 5.3EG 5.32021-11-29
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may…
- CVE-2021-42375MEDIUMCVSS 5.5EG 5.52021-11-15
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under r…
- CVE-2024-51500MEDIUMCVSS 5.3EG 5.32024-11-04
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential …
- CVE-2025-52884LOWCVSS 1.7EG 0.02025-06-24
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 a…
- CVE-2025-61984LOWCVSS 3.6EG 3.62025-10-06
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-s…
- CVE-2026-35536HIGHCVSS 7.2EG 7.22026-04-03
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters.
Map vulnerabilities like CWE-159 to your infrastructure
EchelonGraph correlates every CVE — across CWE-159 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →