CWE-76— Improper Neutralization of Equivalent Special Elements
The product correctly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.— MITRE CWE catalog
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-76page 1 of 1
- CVE-2023-0493MEDIUMCVSS 5.3EG 5.32023-01-26
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
- CVE-2023-1149MEDIUMCVSS 5.4EG 5.42023-03-02
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.
- CVE-2024-1221LOWCVSS 3.1EG 3.12024-03-14
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token…
- CVE-2024-1882HIGHCVSS 7.2EG 7.22024-03-14
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.
- CVE-2024-1883MEDIUMCVSS 6.3EG 6.32024-03-14
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious l…
- CVE-2024-21600MEDIUMCVSS 6.5EG 6.52024-01-12
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When…
- CVE-2024-2952CRITICALCVSS 9.8EG 9.82024-04-10
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` f…
- CVE-2024-34359CRITICALCVSS 9.6EG 9.62024-05-14
llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several pa…
- CVE-2024-4897HIGHCVSS 8.4EG 8.42024-07-02
parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from…
- CVE-2026-11311MEDIUMCVSS 6.5EG 8.12026-06-17
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Res…
- CVE-2026-28292CRITICALCVSS 9.8EG 9.82026-03-10
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remot…
Map vulnerabilities like CWE-76 to your infrastructure
EchelonGraph correlates every CVE — across CWE-76 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →