CWE-140 - Improper Neutralization of Delimiters

Home/CWEs/CWE info/

CWE-140

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Improper Neutralization of Delimiters

Description: The product does not neutralize or incorrectly neutralizes delimiters.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-138Improper Neutralization of Special Elements

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Common Alerts

InformationalStorable but Non-Cacheable Content

HighPath Traversal

InformationalNon-Storable Content

LowInformation Disclosure - Sensitive Information in Browser localStorage

MediumHTTPS to HTTP Insecure Transition in Form Post

HighSpring4Shell

InformationalCross Site Scripting (Persistent) - Prime

InformationalSec-Fetch-User Header Has an Invalid Value

InformationalStrict-Transport-Security Header on Plain HTTP Response

LowServer Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-420 Unprotected Alternate Channel

CWE-822 Untrusted Pointer Dereference

CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-1190 DMA Device Enabled Too Early in Boot Phase

LowCWE-263 Password Aging with Long Expiration

CWE-1303 Non-Transparent Sharing of Microarchitectural Resources

HighCWE-121 Stack-based Buffer Overflow

CWE-841 Improper Enforcement of Behavioral Workflow

CWE-685 Function Call With Incorrect Number of Arguments

CWE-561 Dead Code

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-140 - Improper Neutralization of Delimiters

The product does not neutralize or incorrectly neutralizes delimiters.