Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2026-27512 MEDIUM

Tenda F3 Firmware < 12.01.01.55_multi - Reflected Script Execution via Missing nosniff Header

CVE-2026-27469 MEDIUM

Isso < 0.13.2 - Stored Cross-Site Scripting via Website and Author Comment Fields

CVE-2026-27169 HIGH

OpenSift < 1.1.3-alpha - Stored Cross-Site Scripting via Unsafe HTML Interpolation

CVE-2026-27016 MEDIUM

LibreNMS 24.10.0-26.1.1 - Stored XSS

CVE-2026-26953 MEDIUM

Pi-hole Web Interface 6.0-6.4.1 - Authenticated Stored HTML Injection via X-Forwarded-For Header

CVE-2026-26952 MEDIUM

Pi-hole web_interface < 6.4.1 - Authenticated Stored HTML Injection via DNS Records Configuration

CVE-2026-27013 HIGH

fabric.js < 7.2.0 - Stored Cross-Site Scripting via SVG Export

CVE-2026-25940 HIGH

jspdf < 4.2.0 - Arbitrary PDF Object Injection via Acroform Module

CVE-2026-25755 HIGH

jsPDF < 4.2.0 - Code Injection via addJS Method

CVE-2026-25230 MEDIUM

FileRise < 3.3.0 - Authenticated HTML Injection via DOM Manipulation

CVE-2026-25543 MEDIUM

HtmlSanitizer < 9.0.892 - Cross-Site Scripting via Template Tag

CVE-2026-24737 HIGH

jsPDF < 4.1.0 - Arbitrary PDF Object Injection via Acroform Module

CVE-2026-0818 MEDIUM

Thunderbird < 140.7.1 and 140.* < 140.7.1 and < 147.0.1 - Information Disclosure via CSS and Remote Content

CVE-2026-24439 MEDIUM

Shenzhen Tenda W30E V2 <16.01.0.19(5037) - XSS

CVE-2026-24127 MEDIUM

typemill < 2.19.2 - Reflected Cross-Site Scripting via Login Error Template

CVE-2026-23630 MEDIUM

docmost 0.3.0-0.23.2 - Stored Cross-Site Scripting via Mermaid Diagram Rendering

CVE-2026-22792 CRITICAL

5ire < 0.15.3 - Remote Code Execution via Unsafe HTML Rendering

CVE-2026-23880 HIGH

OnboardLite <commit 1d32081a66f21bcf41df1ecb672490b13f6e429f - XSS

CVE-2026-1011 MEDIUM

Altium Live < 1.1.1.39 - Stored Cross-Site Scripting via AddComment Endpoint

CVE-2026-22712 MEDIUM

Mediawiki - ApprovedRevs Extension <1.45 - XSS

CVE-2025-12697 LOW

GitLab 15.5-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Datadog API Credential Exposure

CVE-2025-15312 MEDIUM

Tanium TanOS 1.8.3-1.8.3.0146 - Improper Output Sanitization

CVE-2025-66488 MEDIUM

Discourse <3.5.4-2026.1.0 - Info Disclosure

CVE-2025-59158 HIGH

Coolify <= 4.0.0-beta.420.6 - Authenticated Stored Cross-Site Scripting via Project Name

CVE-2025-68460 HIGH

Roundcube Webmail < 1.5.12 and 1.6 < 1.6.12 - Information Disclosure via HTML Style Sanitizer

Previous Page 4 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy