Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2025-12734 LOW

GitLab 15.6-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Cross-Site Scripting via Merge Request Title

CVE-2025-8405 HIGH

GitLab CE/EE <18.4.6-18.6.2 - Privilege Escalation

CVE-2025-42896 MEDIUM

SAP BusinessObjects BI Platform - Login Error URL Server-Side Request Forgery

CVE-2025-66548 LOW

Nextcloud Deck <1.12.7, 1.14.4, 1.15.1 - Info Disclosure

CVE-2025-9127 MEDIUM

Portworx 3.1.1-3.1.8 - Sensitive Information Exposure via Logging

CVE-2025-13742 MEDIUM

pretix < 2025.7.2 - Email Content Spoofing via Attendee Name Placeholder

CVE-2025-64325 CRITICAL

Emby Server <4.8.1.0-4.9.0.0-beta - Info Disclosure

CVE-2025-40547 CRITICAL

SolarWinds Serv-U < 15.5.3 - Authenticated Remote Code Execution

CVE-2025-11085 HIGH

FactoryTalk DataMosaix Private Cloud 7.11-8.00 - Stored Cross-Site Scripting

CVE-2025-63785 MEDIUM

Onlook 0.2.32 - DOM-based Cross-Site Scripting in Text Editor via innerHTML Injection

CVE-2025-61084 HIGH

MDaemon Mail Server 23.5.2 - Info Disclosure

CVE-2025-46583 MEDIUM

ZTE MC889A Pro - Denial of Service via Short Message Service Interface

CVE-2025-11713 HIGH

Firefox <144, Firefox ESR <140.4, Thunderbird <144, Thunderbird <14...

CVE-2025-11712 MEDIUM

Firefox < 144.0 and 140.4-140.* - Cross-Site Scripting via OBJECT Tag Type Attribute

CVE-2025-61912 MEDIUM

python-ldap < 3.4.5 - Denial of Service via Incorrect Null Byte Escaping in ldap.dn.escape_dn_chars()

CVE-2025-55903 HIGH

Perfex CRM 3.3.1 - HTML Injection in Estimate Module Bill To Address Field

CVE-2025-61773 HIGH

pyload-ng < 0.5.0b3.dev91 - Cross-Site Scripting via Captcha Script Endpoint and Click'N'Load Blueprint

CVE-2025-0607 MEDIUM

Logo Cloud < 2.57 - Phishing via Improper Output Encoding

CVE-2025-60787 HIGH

MotionEye <= 0.43.1b4 - Authenticated Configuration Command Injection

CVE-2025-59936 CRITICAL

get-jwks < 11.0.2 - JWKS Cache Poisoning via Issuer Validation Bypass

CVE-2025-57880 MEDIUM

BlueSpice 5.0-5.1.1 - Cross-Site Scripting in BlueSpiceWhoIsOnline Extension

CVE-2025-48007 MEDIUM

BlueSpice 5.0-5.1.1 - Cross-Site Scripting in BlueSpiceAvatars Extension

CVE-2025-46703 MEDIUM

BlueSpice 5.0-5.1.1 - Cross-Site Scripting in AtMentions Extension

CVE-2025-8276 MEDIUM

Patika Global Technologies HumanSuite <53.21.0 - XSS

CVE-2025-55730 CRITICAL

xwiki-pro-macros 1.0-1.26.4 - Remote Code Execution via Confluence Paste Code Macro Title

Previous Page 5 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy