Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2024-9348 HIGH

Docker Desktop < 4.34.3 - Remote Code Execution via GitHub Source Link in Build View

CVE-2024-45219 HIGH

Apache CloudStack <4.18.2.3-4.19.1.1 - Info Disclosure

CVE-2024-47845 HIGH

The Wikimedia Foundation Mediawiki - CSS Extension <1.39.9-1.41.3-1...

CVE-2024-47528 MEDIUM

LibreNMS < 24.9.0 - Stored Cross-Site Scripting via Custom Map Background SVG Upload

CVE-2024-47531 MEDIUM

Scout < 4.89 - Unauthenticated Arbitrary File Download via Filename Sanitization Bypass

CVE-2024-4099 LOW

GitLab EE <17.2.8-17.3.4-17.4.1 - Info Disclosure

CVE-2024-45808 MEDIUM

Envoy <1.31.2-1.28.7 - Code Injection

CVE-2024-7873 CRITICAL

Veribilim Software Veribase Order <4.010.3 - XSS

CVE-2024-45498 HIGH

Apache Airflow <2.10.0 - Command Injection

CVE-2024-45299 MEDIUM

alf < 2.0-m5 - Cross-Site Scripting via Preloaded Data JSON

CVE-2024-8297 MEDIUM

Kitsada8621 Digital Library Management System <1.0 - Info Disclosure

CVE-2024-34739 HIGH

Android - Local Privilege Escalation via UsbProfileGroupSettingsManager Logic Error

CVE-2024-38177 HIGH

Windows App Installer - Path Traversal

CVE-2024-6329 MEDIUM

GitLab CE/EE <17.0.6-17.2.2 - Info Disclosure

CVE-2024-39682 MEDIUM

Cooked < 1.8.0 - Authenticated HTML Injection via Insufficient Input Sanitization

CVE-2024-39736 MEDIUM

IBM Datacap Navigator 9.1.5-9.1.9 - HTTP Header Injection via HOST Header

CVE-2024-39929 MEDIUM

Exim < 4.97.1 - Improper Encoding or Escaping of Output via Multiline RFC 2231 Header Filename

CVE-2024-38475 CRITICAL KEV

Apache HTTP Server < 2.4.60 - Remote Code Execution via mod_rewrite Unsafe Substitution

CVE-2024-38474 CRITICAL

Apache HTTP Server < 2.4.60 - Script Execution via mod_rewrite Substitution Encoding Issue

CVE-2024-38473 HIGH

Apache HTTP Server <2.4.60 - Open Redirect

CVE-2024-27629 HIGH

dcm2niix < 1.0.20240202 - OS Command Injection via Filename Escaping

CVE-2024-35225 CRITICAL

Jupyter Server Proxy 3.0.0-3.2.3 and 4.0.0-4.1.9 - Reflected Cross-Site Scripting via Host Path Segment

CVE-2024-5585 HIGH

PHP <8.1.29, 8.2.*<8.2.20, 8.3.*<8.3.8 - Command Injection

CVE-2024-4177 HIGH

Bitdefender GravityZone < 6.38.1-2 - Server-Side Request Forgery via Host Whitelist Parser

CVE-2024-34715 LOW

Fides < 2.37.0 - Sensitive Information Exposure in Database Password Logs

Previous Page 8 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy