Skip to main content

CWE-76

Improper Neutralization of Equivalent Special Elements

11 CVEs Avg CVSS 7.5 MITRE
2
CRITICAL
5
HIGH
3
MEDIUM
1
LOW
4
POC
0
KEV

Monthly

CVE-2026-55723 HIGH PATCH This Week

Configuration injection in F5 NGINX Ingress Controller lets an authenticated Kubernetes user with rights to create or modify Ingress CRDs or annotations smuggle arbitrary NGINX directives into the generated configuration. Because multiple user-controllable fields are written to the config without sanitization, an attacker can inject directives that create or delete files and disable services on the control plane. No public exploit identified at time of analysis; this is a control-plane-only issue with no data plane exposure, but the CVSS 4.0 score of 8.7 (High) reflects strong confidentiality and integrity impact.

Nginx Kubernetes Code Injection Nginx Ingress Controller
NVD
CVSS 4.0
8.7
CVE-2026-11311 HIGH This Week

Configuration injection in F5 NGINX Gateway Fabric lets an authenticated Kubernetes user who can create or modify NginxProxy or AuthenticationFilter Custom Resources inject arbitrary NGINX directives into generated data-plane configuration. The flaw lives in the control-plane config generator, which renders the serverTokens and extraAuthArgs fields into NGINX templates without escaping, so any tenant holding RBAC rights over these CRDs can rewrite the NGINX Plus config that gets deployed. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but SSVC rates the technical impact as total.

Nginx Code Injection Nginx Gateway Fabric
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-4897 HIGH POC This Week

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Lollms Web Ui
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2024-34359 PyPI CRITICAL PATCH Act Now

llama-cpp-python is the Python bindings for llama.cpp. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 3.1
9.6
EPSS
28.4%
CVE-2024-2952 PyPI CRITICAL POC PATCH MAL Act Now

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Litellm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2024-1883 MEDIUM This Month

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.1
EPSS
61.5%
CVE-2024-1882 HIGH This Week

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-1221 LOW Monitor

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Papercut Mf Papercut Ng
NVD
CVSS 3.1
3.1
EPSS
0.5%
CVE-2024-21600 MEDIUM This Month

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-1149 MEDIUM POC PATCH This Month

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVSS 8.7
HIGH PATCH This Week

Configuration injection in F5 NGINX Ingress Controller lets an authenticated Kubernetes user with rights to create or modify Ingress CRDs or annotations smuggle arbitrary NGINX directives into the generated configuration. Because multiple user-controllable fields are written to the config without sanitization, an attacker can inject directives that create or delete files and disable services on the control plane. No public exploit identified at time of analysis; this is a control-plane-only issue with no data plane exposure, but the CVSS 4.0 score of 8.7 (High) reflects strong confidentiality and integrity impact.

Nginx Kubernetes Code Injection +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Configuration injection in F5 NGINX Gateway Fabric lets an authenticated Kubernetes user who can create or modify NginxProxy or AuthenticationFilter Custom Resources inject arbitrary NGINX directives into generated data-plane configuration. The flaw lives in the control-plane config generator, which renders the serverTokens and extraAuthArgs fields into NGINX templates without escaping, so any tenant holding RBAC rights over these CRDs can rewrite the NGINX Plus config that gets deployed. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but SSVC rates the technical impact as total.

Nginx Code Injection Nginx Gateway Fabric
NVD VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Lollms Web Ui
NVD
EPSS 28% CVSS 9.6
CRITICAL PATCH Act Now

llama-cpp-python is the Python bindings for llama.cpp. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Litellm
NVD GitHub
EPSS 61% CVSS 6.1
MEDIUM This Month

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
EPSS 1% CVSS 7.2
HIGH This Week

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
EPSS 1% CVSS 3.1
LOW Monitor

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Papercut Mf +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy