Weaknesses of type CWE-159
13 resultsCVE-2021-21707MEDIUMSpecial characters break path parsing in XML functionsEPSS 26.0%CVE-2019-9505—PrinterLogic Print Management Software does not sanitize special charactersEPSS 3.5%CVE-2020-1653HIGHJunos OS: Kernel crash (vmcore) or FPC crash due to mbuf leakEPSS 1.6%CVE-2020-1648HIGHJunos OS and Junos OS Evolved: RPD crash when processing a specific BGP packetEPSS 1.3%CVE-2020-1646HIGHJunos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information.EPSS 1.0%CVE-2020-29022MEDIUMHost Header Injection allowing web cache poisoning attacksEPSS 0.8%CVE-2026-2636MEDIUMDenial of Service in Microsoft OSEPSS 0.4%CVE-2024-51500MEDIUMFailure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmwareEPSS 0.4%CVE-2021-42375MEDIUMAn incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due tEPSS 0.4%CVE-2025-52884LOWrisc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitmentEPSS 0.3%CVE-2026-35536HIGHIn Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookEPSS 0.2%CVE-2025-61984LOWssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leadinEPSS 0.2%CVE-2026-29106MEDIUMSuiteCRM has blind XSS in return_id parameterEPSS 0.1%