CWE-140: CWE-140

Total CVEs

Critical

High

7.0

Avg CVSS

Yearly Trend

2025

2024

2023

Top Affected Vendors

1 Checkmk 3

2 Sangoma 1

3 Nagvis 1

4 Cesanta 1

5 Fish Shop 1

6 Tribe29 1

All CWE-140 CVEs (7)

CVE-2025-32918

8.8

This vulnerability allows authenticated users to inject arbitrary Livestatus commands through the RestAPI autocomplete endpoint in Checkmk. Attackers ...

Jul 4, 2025

CVE-2023-31208

8.3

This vulnerability allows authorized users of Checkmk's RestAPI to execute arbitrary livestatus commands due to improper input sanitization. Attackers...

May 17, 2023

CVE-2025-47779

7.7

This vulnerability in Asterisk PBX allows authenticated attackers to spoof user identities when sending SIP MESSAGE requests, enabling them to send sp...

May 22, 2025

CVE-2023-6156

7.6

This vulnerability allows authorized users of Checkmk to execute arbitrary livestatus commands by exploiting improper neutralization of command delimi...

Nov 22, 2023

CVE-2024-38866

7.5

CVE-2024-38866 is an input validation vulnerability in Nagvis that allows livestatus injection attacks. Attackers can inject malicious commands into N...

May 27, 2025

CVE-2024-42482

4.8

CVE-2024-42482 is a command injection vulnerability in the fish-shop/syntax-check GitHub Action that allows attackers to execute arbitrary commands on...

Aug 12, 2024

CVE-2024-42392

4.0

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to trigger an infinite loop by sending input with unexpected characters. This...

Nov 18, 2024

About CWE-140 (CWE-140)

Our database tracks 7 CVEs classified as CWE-140, with 0 rated critical and 5 rated high severity. The average CVSS score for CWE-140 vulnerabilities is 7.0.

External reference: View CWE-140 on MITRE CWE →

Monitor CWE-140 Vulnerabilities

Get alerted when new CWE-140 CVEs affect your infrastructure.

Start Monitoring Free