Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2024-4420 HIGH

Tink-cc < 2.1.3 - Denial of Service via Malformed JSON Input

CVE-2024-34355 LOW

TYPO3 13.0.0-13.1.0 - Authenticated HTML Injection in History Backend Module

CVE-2024-29894 MEDIUM

Cacti < 1.2.27 - Stored Cross-Site Scripting via Unescaped PHP Variables

CVE-2024-34510 HIGH

Gradio < 4.20.0 - Credential Leakage on Windows

CVE-2024-1874 CRITICAL

PHP <8.1.28, 8.2.*<8.2.18, 8.3.*<8.3.5 - Command Injection

CVE-2024-31866 CRITICAL

Apache Zeppelin 0.8.2-0.11.0 - Remote Code Execution via Configuration Override

CVE-2024-22356 MEDIUM

IBM App Connect Enterprise <12.0.9.0 - Info Disclosure

CVE-2024-28245 MEDIUM

KaTeX 0.11.0-0.16.9 - Cross-Site Scripting via \\includegraphics

CVE-2024-29156 MEDIUM

OpenStack Murano <16.0.0 - Info Disclosure

CVE-2024-27938 MEDIUM

Postal < 3.0.0 - SMTP Smuggling via Non-Compliant End of DATA Sequence

CVE-2024-21499 MEDIUM

github.com/greenpau/caddy-security - HTTP Header Injection

CVE-2024-0690 MEDIUM

ansible-core < 2.14.14 - Information Disclosure via ANSIBLE_NO_LOG Bypass

CVE-2024-1064 HIGH

Crafty Controller 4.0.0-4.2.2 - Unauthenticated Denial of Service via Host Header Injection

CVE-2024-0987 MEDIUM

Sichuan Yougou Technology KuERP <1.0.4 - Info Disclosure

CVE-2024-22229 LOW

Dell Unity Operating Environment - Authenticated Log Spoofing via Improper Output Encoding

CVE-2024-0233 MEDIUM

EventON WordPress plugin < 2.2.7 - Reflected Cross-Site Scripting

CVE-2024-22199 CRITICAL

gofiber/template < 3.1.9 - Cross-Site Scripting via Autoescape Bypass

CVE-2023-35894 MEDIUM

IBM Sterling Control Center 6.2.1-6.3.1 - HTTP Header Injection via HOST Header

CVE-2023-28362 MEDIUM

Rails - Open Redirect

CVE-2023-45359 MEDIUM

MediaWiki Vector Skin < 1.39.5 and 1.40.0 - Cross-Site Scripting in Table of Contents Toggle Button

CVE-2023-26289 MEDIUM

IBM Aspera Orchestrator 4.0.1 - HTTP Header Injection

CVE-2023-28952 MEDIUM

IBM Cognos Controller <11.0.0 - Command Injection

CVE-2023-47143 CRITICAL

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0-7.3.0.10 - HTTP Header Injection via HOST Header

CVE-2023-28738 HIGH

Intel NUC BIOS <JY0070 - Privilege Escalation

CVE-2023-7234 MEDIUM

OPCUAServerToolkit - Info Disclosure

Previous Page 9 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy