The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
102 vulnerabilities with CWE-184
CVE-2025-1484 (MEDIUM, CVSS 6.5): Asset Suite - XSS
CVE-2025-46417 (HIGH, CVSS 7.5): Picklescan <0.0.25 - Info Disclosure
CVE-2025-29822 (HIGH, CVSS 7.8): Microsoft Office OneNote - Info Disclosure
CVE-2025-1716 (CRITICAL, CVSS 9.8): picklescan <0.0.21 - Code Injection
CVE-2024-54149 (HIGH, CVSS 8.4): Winter CMS <1.2.7, 1.1.11, 1.0.476 - Auth Bypass
CVE-2024-52595 (HIGH, CVSS 7.7): Fedoralovespython Lxml Html Clean < 0.4.0 - XSS
CVE-2024-51745 (CRITICAL, CVSS 10.0): Wasmtime - Path Traversal
CVE-2024-32152 (LOW, CVSS 3.1): Anki 24.04 - Path Traversal
CVE-2024-5217 (CRITICAL, CVSS 9.8, KEV): ServiceNow - RCE
CVE-2024-5178 (MEDIUM, CVSS 4.9): ServiceNow - Info Disclosure
CVE-2024-30103 (HIGH, CVSS 8.8): Microsoft Outlook - RCE
CVE-2024-23336 (MEDIUM, CVSS 5.0): Mybb < 1.8.38 - SSRF
CVE-2024-20278 (MEDIUM, CVSS 6.5): Cisco IOS XE - Privilege Escalation
CVE-2024-28246 (MEDIUM, CVSS 5.5): KaTeX - Code Injection
CVE-2023-45593 (MEDIUM, CVSS 6.8): AiLux imx6 <imx6_1.0.7-2 - Info Disclosure
CVE-2023-45133 (CRITICAL, CVSS 9.3): Babel <7.23.2, 8.0.0-alpha.4 - RCE
CVE-2023-3374 (CRITICAL, CVSS 9.8): Unisign Bookreen <3.0.0 - Privilege Escalation
CVE-2023-40037 (MEDIUM, CVSS 6.5): Apache NiFi <1.23.1 - Auth Bypass
CVE-2023-23844 (HIGH, CVSS 7.2): SolarWinds Platform - Privilege Escalation
CVE-2023-34253 (HIGH, CVSS 8.8): Grav < 1.7.42 - Remote Code Execution
CVE-2023-34252 (HIGH, CVSS 8.8): Grav < 1.7.42 - Remote Code Execution
CVE-2023-2017 (HIGH, CVSS 8.8): Shopware 6 <= v6.4.20.0,v6.5.0.0-rc1 <= v6.5.0.0-rc4 - Code Injection
CVE-2023-29003 (HIGH, CVSS 8.8): SvelteKit <1.15.1 - Auth Bypass
CVE-2022-50238 (HIGH, CVSS 7.4): Microsoft - Info Disclosure
CVE-2022-34888 (LOW, CVSS 2.7): Remote Mount - SSRF