Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2025-27109 HIGH

solid-js < 1.9.4 - Cross-Site Scripting via Inlined JSX Fragment

CVE-2025-27108 HIGH

dom-expressions < 0.39.5 - Cross-Site Scripting via Special Replacement Patterns in .replace()

CVE-2025-24025 MEDIUM

Coolify < 4.0.0-beta.380 - Cross-Site Scripting via Tags Search Query

CVE-2025-23207 MEDIUM

KaTeX 0.12.0-0.16.20 - Cross-Site Scripting via \htmlData Command

CVE-2024-58266 LOW

shlex < 1.2.1 - Command Injection via Unquoted Brace and Non-Breaking Space Characters

CVE-2024-56524 CRITICAL

Radware Cloud WAF <2025-05-07 - Auth Bypass

CVE-2024-9606 HIGH

berriai/litellm <1.44.12 - Info Disclosure

CVE-2024-50629 MEDIUM

Synology BeeStation OS <1.1-65374 & DSM <7.1.1-42962-7,7.2-64570-4,...

CVE-2024-10441 CRITICAL

Synology BeeStation OS <1.1-65374 & DSM <7.2-64570-4, 7.2.1-69057-6...

CVE-2024-49355 MEDIUM

IBM OpenPages with Watson <9.0 - Info Disclosure

CVE-2024-56473 MEDIUM

IBM Aspera Shares 1.9.0-1.10.0 PL6 - IP Address Spoofing via Client-IP Header

CVE-2024-56277 MEDIUM

Poll Maker < 5.5.5 - HTML Injection

CVE-2024-52005 HIGH

Git < 2.40.4 - Terminal Control Sequence Injection via Sideband Channel

CVE-2024-52006 HIGH

Git < 2.40.4 - Command Injection via Carriage Return Character

CVE-2024-50349 MEDIUM

Git < 2.40.4 - Terminal Credential Prompt Spoofing via ANSI Escape Sequences

CVE-2024-52891 MEDIUM

IBM Concert Software <1.0.4 - Info Disclosure

CVE-2024-9427 MEDIUM

Koji 1.35.0 - Reflected Cross-Site Scripting via Unsanitized Input

CVE-2024-55663 CRITICAL

XWiki Platform <13.10.5-14.3-rc-1 - SQL Injection

CVE-2024-46547 HIGH

Romain Bourdon Wampserver - Info Disclosure

CVE-2024-46901 LOW

Apache Subversion <1.14.4 - Info Disclosure

CVE-2024-42332 LOW

Zabbix 6.0.0-6.0.35 - SNMP Trap Log Forgery via Malformed Trap Data

CVE-2024-10006 HIGH

Consul 1.4.1-1.20.0 and 1.9.0-1.15.14 - HTTP Header Bypass via L7 Traffic Intentions

CVE-2024-47549 HIGH

Sharp/Toshiba Tec MFPs - XSS

CVE-2024-47224 MEDIUM

Mitel MiCollab <9.8.1.201 - CRLF Injection

CVE-2024-40088 MEDIUM

Vilo 5 Mesh WiFi System <= 5.16.1.33 - Path Traversal

Previous Page 7 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy