VYPR

CWE-140

Improper Neutralization of Delimiters

BaseDraft

Description

The product does not neutralize or incorrectly neutralizes delimiters.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-15

CVEs mapped to this weakness (6)

  • CVE-2026-33456HigApr 10, 2026
    risk 0.42cvss 7.6epss 0.00

    Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.

  • CVE-2026-33457MedApr 10, 2026
    risk 0.34cvss 6.3epss 0.00

    Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.

  • CVE-2026-33455MedApr 10, 2026
    risk 0.34cvss 6.3epss 0.00

    Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

  • CVE-2025-48879Jun 10, 2025
    risk 0.00cvss epss 0.00

    OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered…

  • CVE-2024-42482Aug 12, 2024
    risk 0.00cvss epss 0.01

    fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the `pattern` input (specifically the command separator `;` and command substitution characters `(` and `)`) mean that arbitrary command injection is possible…

  • CVE-2023-38488Jul 27, 2023
    risk 0.00cvss epss 0.01

    Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby…