Skip to main content

CWE-141

Improper Neutralization of Parameter/Argument Delimiters

7 CVEs Avg CVSS 7.1 MITRE
1
CRITICAL
3
HIGH
2
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-56813 LOW PATCH Monitor

Cookie attribute injection in elixir-plug's Plug library allows a remote attacker who can supply values reflected into `Set-Cookie` headers to inject the `;` delimiter and override attributes such as `Domain`, `Path`, `Secure`, and `HttpOnly`. Applications calling `Plug.Conn.put_resp_cookie/4` with user-controlled data - for example, reflecting a username or preference value - are exposed to session fixation and cookie tossing across five supported release lines (0.1.0 through 1.20.2). No public exploit code or CISA KEV listing is present at time of analysis, but the attack is mechanically straightforward wherever the vulnerable code pattern exists.

Code Injection
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-20338 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-31329 MEDIUM This Month

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-0840 HIGH This Week

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41665 HIGH PATCH This Week

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-29873 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 4.0
9.3
EPSS
1.8%
CVE-2022-29872 HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 4.0
8.7
EPSS
1.4%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cookie attribute injection in elixir-plug's Plug library allows a remote attacker who can supply values reflected into `Set-Cookie` headers to inject the `;` delimiter and override attributes such as `Domain`, `Path`, `Secure`, and `HttpOnly`. Applications calling `Plug.Conn.put_resp_cookie/4` with user-controlled data - for example, reflecting a username or preference value - are exposed to session fixation and cookie tossing across five supported release lines (0.1.0 through 1.20.2). No public exploit code or CISA KEV listing is present at time of analysis, but the attack is mechanically straightforward wherever the vulnerable code pattern exists.

Code Injection
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service 7Kg8500 0Aa00 0Aa0 Firmware +35
NVD
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE 7Kg8500 0Aa00 0Aa0 Firmware +35
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE 7Kg8500 0Aa00 0Aa0 Firmware +35
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy