CWE-150

CWE-150

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

3

Critical

2

High

0

Medium

0

Low

0

Severity distribution

Recent CVEs

showing 3 of 3

CVE-2026-54057—18 h ago
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes
CVE-2026-11362Critical· 9.8EPSS 0%3 d ago
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The format_event method (used by th
CVE-2026-9270Critical· 9.1EPSS 0%3 d ago
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_stats method does not remove newlines from

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.