Weaknesses of type CWE-116
285 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-10441 | CRITICAL | Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synol | 1.1% |
| CVE-2023-26472 | CRITICAL | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | 1.1% |
| CVE-2022-40870 | HIGH | The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attack | 1.0% |
| CVE-2018-8920 | MEDIUM | Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attac | 1.0% |
| CVE-2024-52006 | LOW | Newline confusion in credential helpers can lead to credential exfiltration in git | 1.0% |
| CVE-2021-41132 | CRITICAL | Inconsistent input sanitisation leads to XSS vectors | 1.0% |
| CVE-2022-23603 | CRITICAL | Code injection in iTunesRPC-Remastered | 1.0% |
| CVE-2022-29258 | HIGH | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | 0.9% |
| CVE-2022-29252 | HIGH | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki | 0.9% |
| CVE-2023-48655 | CRITICAL | An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query paramet | 0.9% |
| CVE-2023-40453 | — | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially | 0.9% |
| CVE-2024-29894 | MEDIUM | Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API | 0.9% |
| CVE-2023-28101 | MEDIUM | Flatpak metadata with ANSI control codes can cause misleading terminal output | 0.9% |
| CVE-2021-23205 | HIGH | Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers | 0.9% |
| CVE-2022-46387 | CRITICAL | ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to ch | 0.9% |
| CVE-2026-35582 | HIGH | Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix | 0.9% |
| CVE-2026-34480 | MEDIUM | Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters | 0.9% |
| CVE-2024-38177 | HIGH | Windows App Installer Spoofing Vulnerability | 0.9% |
| CVE-2026-56379 | NONE | ImageMagick - Command Injection via SVG Decoder | 0.8% |
| CVE-2023-3668 | CRITICAL | Improper Encoding or Escaping of Output in froxlor/froxlor | 0.8% |