Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2025-55729 CRITICAL

xwiki-pro-macros 1.0-1.26.4 - Remote Code Execution via ConfluenceLayoutSection Macro

CVE-2025-56266 CRITICAL

Avigilon Access Control Manager 7.10.0.20 - Remote Code Execution via Host Header Injection

CVE-2025-0083 MEDIUM

Multiple Locations - Info Disclosure

CVE-2025-34141 MEDIUM

ETQ Reliance CG (legacy) < SE.2025.1 - Reflected Cross-Site Scripting in SQLConverterServlet

CVE-2025-6429 MEDIUM

Firefox < 140.0 and 128.12-128.* - URL Parsing Bypass via Embed Tag

CVE-2025-49013 CRITICAL

WilderForge - Remote Code Execution via GitHub Actions Workflow Injection

CVE-2025-48062 HIGH

Discourse <3.4.4, <3.5.0.beta5, <3.5.0.beta6-dev - XSS

CVE-2025-25029 MEDIUM

IBM Security Guardium 12.0 - Info Disclosure

CVE-2025-5271 MEDIUM

Firefox < 139.0 - Content Injection via Devtools Response Preview

CVE-2025-3942 MEDIUM

Tridium Niagara <4.14.2-4.15.1-4.10.11 - Input Data Manipulation

CVE-2025-1308 HIGH

Pure Storage PX Backup 1.0.0-2.5.9, 2.7.0-2.7.2, 2.8.0 - Information Exposure via Logging

CVE-2025-47280 MEDIUM

Umbraco Forms <13.4.2-15.1.2 - Info Disclosure

CVE-2025-46340 HIGH

Misskey 12.0.0-2025.4.1 - CSS Injection via UrlPreviewService and MkUrlPreview

CVE-2025-32974 CRITICAL

XWiki 15.9-15.10.7 and 16.0.0-16.1.0 - Privilege Escalation via TextArea Default Content Type

CVE-2025-24338 HIGH

Bosch Rexroth ctrlX OS <2.6.0 Authenticated Stored XSS via Manages App Data

CVE-2025-46347 CRITICAL

YesWiki < 4.5.4 - Remote Code Execution via Arbitrary File Write

CVE-2025-4084 MEDIUM

Firefox <128.10 - Local Code Execution

CVE-2025-31651 CRITICAL

Apache Tomcat 9.0.0-9.0.102, 10.1.0-M1-10.1.39, 11.0.0-M1-11.0.5 - Security Constraint Bypass

CVE-2025-23377 MEDIUM

Dell PowerProtect Data Manager Reporting <19.18 - XSS

CVE-2025-32078 MEDIUM

Mediawiki - Version Compare Ext <1.43 - XSS

CVE-2025-32074 MEDIUM

Mediawiki - Confirm Account Ext <1.39-1.43 - XSS

CVE-2025-32072 MEDIUM

The Wikimedia Foundation Mediawiki Core - Feed Utils <1.44 - Code I...

CVE-2025-30657 MEDIUM

Juniper Junos OS DoS via Malformed BGP Update Message

CVE-2025-30345 LOW

OpenSlides < 4.2.5 - Cross-Site Scripting via Chat Group Name

CVE-2025-1795 LOW

CPython Email Header Injection via Address List Folding

Previous Page 6 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy