Weaknesses of type CWE-116

285 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-33436 | LOW | Stirling-PDF: Reflected XSS through crafted filename in file upload functionality | 0.2% |
| CVE-2026-35534 | HIGH | ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection | 0.2% |
| CVE-2026-44429 | MEDIUM | MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl` | 0.2% |
| CVE-2025-57880 | MEDIUM | Potential XSS in Extension:BlueSpiceWhoIsOnline | 0.2% |
| CVE-2023-28738 | HIGH | Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalatio | 0.2% |
| CVE-2026-12047 | MEDIUM | pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text | 0.2% |
| CVE-2026-32986 | MEDIUM | Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection | 0.2% |
| CVE-2026-0818 | MEDIUM | CSS-based exfiltration of the content from partially encrypted emails when allowing remote content | 0.2% |
| CVE-2026-40011 | LOW | Prometheus denial of service via crafted DNS queries | 0.2% |
| CVE-2026-44713 | HIGH | pam_usb: Command injection via $TMUX environment variable leads to RCE as root | 0.2% |
| CVE-2025-13742 | LOW | Limited HTML injection in emails | 0.2% |
| CVE-2026-41426 | MEDIUM | pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates | 0.2% |
| CVE-2026-29106 | MEDIUM | SuiteCRM has blind XSS in return_id parameter | 0.1% |
| CVE-2026-52846 | MEDIUM | Caddy: stripHTML template function bypass | 0.1% |
| CVE-2026-8795 | HIGH | A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostnam | 0.1% |
| CVE-2023-3481 | MEDIUM | XSS in Chrome Lab Critters | 0.1% |
| CVE-2026-48598 | LOW | CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection | 0.1% |
| CVE-2026-21443 | LOW | OpenEMR allows inconsistent escaping of translation function output | 0.1% |
| CVE-2025-1308 | HIGH | PX Backup Improper Sanitization Vulnerability | 0.1% |
| CVE-2025-23377 | MEDIUM | Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A hig | 0.1% |