CWE-140 - Improper Neutralization of Delimiters
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Improper Neutralization of Delimiters
Description
The product does not neutralize or incorrectly neutralizes delimiters.
Common Consequences
Scope: Integrity
Impact: Unexpected State
Related Weaknesses
Coinbase was primary target of recent GitHub Actions breaches
Oracle denies breach after hacker claims theft of 6 million data records
Fake Semrush ads used to steal SEO professionals’ Google accounts
Microsoft: Exchange Online bug mistakenly quarantines user emails
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
Steam pulls game demo infecting Windows with info-stealing malware
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
HighPII Disclosure