Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

414 vulnerabilities with CWE-116

CVE-2026-26027 HIGH

GLPI has an Unauthenticated Stored XSS via inventory

CVE-2026-25932 HIGH

GLPI has Stored XSS in Supplier 'Website' field

CVE-2026-33941 HIGH

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

CVE-2026-33758 MEDIUM

OpenBao has Reflected XSS in its OIDC authentication error message

CVE-2026-33628 MEDIUM

Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

CVE-2026-32986 MEDIUM

Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection

CVE-2026-32811 HIGH

Heimdall: Path received via Envoy gRPC corrupted when containing query string

CVE-2026-29106 MEDIUM

SuiteCRM has blind XSS in return_id parameter

CVE-2026-32754 CRITICAL

FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!})

CVE-2026-33301 HIGH

OpenEMR has arbitrary image file read via PDF generator

CVE-2026-31898 HIGH

jsPDF has a PDF Object Injection via FreeText color

CVE-2026-28499 MEDIUM

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

CVE-2026-3644 MEDIUM

Incomplete control character validation in http.cookies

CVE-2026-31859 MEDIUM

Craft CMS - XSS

CVE-2026-28350 MEDIUM

lxml_html_clean <0.4.4 - Auth Bypass

CVE-2026-28348 MEDIUM

lxml_html_clean <0.4.4 - XSS

CVE-2026-27812 CRITICAL

Sub2API <0.1.85 - Auth Bypass

CVE-2026-21443 MEDIUM

OpenEMR <8.0.0 - XSS

CVE-2026-27512 MEDIUM

Tenda F3 V12.01.01.55 - XSS

CVE-2026-27469 MEDIUM

Isso <0afbfe0 - Stored XSS

CVE-2026-27169 HIGH

OpenSift <=1.1.2-alpha - XSS

CVE-2026-27016 MEDIUM

LibreNMS 24.10.0-26.1.1 - Stored XSS

CVE-2026-26953 MEDIUM

Pi-hole Admin Interface 6.0+ - XSS

CVE-2026-26952 MEDIUM

Pi-hole Admin Interface <6.4 - XSS

CVE-2026-27013 HIGH

Fabric.js <7.2.0 - Code Injection

Previous Page 2 of 17 Next

Details

Vulnerabilities 414

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy