Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.
Extended Description
As data is parsed, an injected element may cause the process to take unexpected actions.
CVE vulnerabilities with CWE-155 (15)
8.7
CVSS
HIGH
CVE-2025-11757
pub. 2025-10-21
8.7
CVSS
HIGH
CVE-2024-47791
pub. 2024-12-06
8.5
CVSS
HIGH
CVE-2025-4232
pub. 2025-06-13
8.1
CVSS
HIGH
CVE-2022-21646
pub. 2022-01-11
6.9
CVSS
MEDIUM
CVE-2025-27515
pub. 2025-03-05
6.9
CVSS
MEDIUM
CVE-2025-0681
pub. 2025-01-30
6.9
CVSS
MEDIUM
CVE-2025-0106
pub. 2025-01-11
6.7
CVSS
MEDIUM
CVE-2024-8688
pub. 2024-09-11
6.5
CVSS
MEDIUM
CVE-2025-24376
pub. 2025-01-30
6.5
CVSS
MEDIUM
CVE-2024-6509
pub. 2024-09-10
6.5
CVSS
MEDIUM
CVE-2024-0054
pub. 2024-03-19
6.5
CVSS
MEDIUM
CVE-2024-0055
pub. 2024-03-19
6.5
CVSS
MEDIUM
CVE-2020-1772
pub. 2020-03-27
5.3
CVSS
MEDIUM
CVE-2019-3802
pub. 2019-06-03
4.3
CVSS
MEDIUM
CVE-2026-49482
pub. 2026-06-12