CWE-116
High likelihoodImproper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
374 vulnerabilities with CWE-116
CVE-2026-28350
MEDIUM
lxml_html_clean <0.4.4 - Auth Bypass
CVSS 6.1
CVE-2026-28348
MEDIUM
lxml_html_clean <0.4.4 - XSS
CVSS 6.1
CVE-2026-27812
CRITICAL
Sub2API <0.1.85 - Auth Bypass
CVSS 9.1
CVE-2026-21443
MEDIUM
OpenEMR <8.0.0 - XSS
CVSS 6.1
CVE-2026-27512
MEDIUM
Tenda F3 V12.01.01.55 - XSS
CVSS 6.1
CVE-2026-27469
MEDIUM
Isso <0afbfe0 - Stored XSS
CVSS 6.1
CVE-2026-27169
HIGH
OpenSift <=1.1.2-alpha - XSS
CVSS 8.9
CVE-2026-27016
MEDIUM
LibreNMS 24.10.0-26.1.1 - Stored XSS
CVSS 5.4
CVE-2026-26953
MEDIUM
Pi-hole Admin Interface 6.0+ - XSS
CVSS 5.4
CVE-2026-26952
MEDIUM
Pi-hole Admin Interface <6.4 - XSS
CVSS 5.4
CVE-2026-27013
HIGH
Fabric.js <7.2.0 - Code Injection
CVSS 7.6
CVE-2026-25940
HIGH
jsPDF <4.2.0 - Code Injection
CVSS 8.1
CVE-2026-25755
HIGH
jsPDF <4.2.0 - Code Injection
CVSS 8.1
CVE-2026-25230
MEDIUM
FileRise <3.3.0 - Code Injection
CVSS 4.6
CVE-2025-15312
MEDIUM
Tanium Appliance - Info Disclosure
CVSS 6.6
CVE-2026-25543
MEDIUM
Nuget Htmlsanitizer < 9.0.892 - XSS
CVSS 6.1
CVE-2026-24737
HIGH
jsPDF <4.1.0 - Code Injection
CVSS 8.1
CVE-2025-66488
MEDIUM
Discourse <3.5.4-2026.1.0 - Info Disclosure
CVSS 4.6
CVE-2026-0818
MEDIUM
Mozilla Thunderbird < 140.7.1 - Information Disclosure
CVSS 4.3
CVE-2026-24439
MEDIUM
Shenzhen Tenda W30E V2 <16.01.0.19(5037) - XSS
CVSS 6.5
CVE-2026-24127
MEDIUM
Typemill <2.19.1 - XSS
CVSS 5.4
CVE-2026-23630
MEDIUM
Docmost 0.3.0-0.23.2 - XSS
CVSS 5.4
CVE-2026-22792
CRITICAL
5ire <0.15.3 - XSS
CVSS 9.6
CVE-2026-23880
HIGH
OnboardLite <commit 1d32081a66f21bcf41df1ecb672490b13f6e429f - XSS
CVSS 7.3
CVE-2026-1011
MEDIUM
Altium Live < 1.1.1.39 - XSS
CVSS 6.1
Details
Vulnerabilities
374
Exploit Likelihood
High