Weaknesses of type CWE-116

285 results
CVE-2021-32812 | MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in frontend/server/server.js | EPSS 0.8%
CVE-2025-46347 | MEDIUM | YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution | EPSS 0.8%
CVE-2025-40547 | CRITICAL | SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability | EPSS 0.8%
CVE-2024-58266 | LOW | The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command inj | EPSS 0.8%
CVE-2019-3571 | An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that wo | EPSS 0.8%
CVE-2026-40021 | MEDIUM | Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters | EPSS 0.8%
CVE-2024-29156 | MEDIUM | In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sa | EPSS 0.7%
CVE-2023-29541 | HIGH | Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled comm | EPSS 0.7%
CVE-2024-55663 | HIGH | XWiki Platform has an SQL injection in getdocuments.vm with sort parameter | EPSS 0.7%
CVE-2024-45299 | MEDIUM | alf.io's preloaded data as json is not escaped correctly | EPSS 0.7%
CVE-2026-22792 | CRITICAL | 5ire vulnerable to Remote Code Execution (RCE) | EPSS 0.7%
CVE-2023-35941 | HIGH | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | EPSS 0.7%
CVE-2024-40088 | MEDIUM | A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to | EPSS 0.7%
CVE-2025-55730 | CRITICAL | XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro | EPSS 0.7%
CVE-2025-55729 | CRITICAL | XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro | EPSS 0.7%
CVE-2024-27938 | MEDIUM | SMTP Smuggling in Postal | EPSS 0.7%
CVE-2022-36392 | HIGH | Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, | EPSS 0.6%
CVE-2024-50349 | LOW | Git does not sanitize URLs when asking for credentials interactively | EPSS 0.6%
CVE-2026-25755 | HIGH | jsPDF has PDF Object Injection via Unsanitized Input in addJS Method | EPSS 0.6%
CVE-2025-49013 | CRITICAL | WilderForge vulnerable to code Injection via GitHub Actions Workflows | EPSS 0.6%