Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.
CVE vulnerabilities with CWE-96 (23)
9.9
CVSS
CRITICAL
CVE-2015-2079
pub. 2025-04-28
9.9
CVSS
CRITICAL
CVE-2024-55662
pub. 2024-12-12
9.9
CVSS
CRITICAL
CVE-2024-55877
pub. 2024-12-12
9.8
CVSS
CRITICAL
CVE-2024-13264
pub. 2025-01-09
9.8
CVSS
CRITICAL
CVE-2023-39726
pub. 2023-10-26
9.8
CVSS
CRITICAL
CVE-2022-0895
pub. 2022-03-10
9.8
CVSS
CRITICAL
CVE-2020-6143
pub. 2020-09-01
9.8
CVSS
CRITICAL
CVE-2020-6144
pub. 2020-09-01
9.4
CVSS
CRITICAL
CVE-2025-30091
pub. 2025-03-25
9.0
CVSS
CRITICAL
CVE-2024-43400
pub. 2024-08-19
8.8
CVSS
HIGH
CVE-2022-43938
pub. 2023-04-03
8.6
CVSS
HIGH
CVE-2024-32487
pub. 2024-04-13
7.5
CVSS
HIGH
CVE-2024-13265
pub. 2025-01-09
7.5
CVSS
HIGH
CVE-2024-13267
pub. 2025-01-09
7.2
CVSS
HIGH
CVE-2025-36595
pub. 2025-06-27
7.2
CVSS
HIGH
CVE-2021-39115
pub. 2021-09-01
6.8
CVSS
MEDIUM
CVE-2024-13268
pub. 2025-01-09
6.6
CVSS
MEDIUM
CVE-2024-0788
pub. 2024-01-29
6.4
CVSS
MEDIUM
CVE-2024-37900
pub. 2024-07-31
6.3
CVSS
MEDIUM
CVE-2025-7825
pub. 2025-10-03
Showing 20 of 23 vulnerabilities