CWE-116 vulnerabilities

285 results
CVE-2025-11712 | MEDIUM | An OBJECT tag type attribute overrode browser behavior on web resources without a content-type | EPSS 0.3%
CVE-2023-37875 | LOW | Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0 | EPSS 0.2%
CVE-2025-5271 | MEDIUM | Devtools' preview ignored CSP headers | EPSS 0.2%
CVE-2018-9433 | CRITICAL | In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote c | EPSS 0.2%
CVE-2026-27812 | HIGH | Sub2API Vulnerable to Password Reset Poisoning via Host Header Trust Issue, Leading to Account Takeover | EPSS 0.2%
CVE-2025-68460 | HIGH | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer. | EPSS 0.2%
CVE-2026-23630 | MEDIUM | Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering | EPSS 0.2%
CVE-2026-26028 | MEDIUM | CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS | EPSS 0.2%
CVE-2026-40567 | MEDIUM | FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables | EPSS 0.2%
CVE-2026-25543 | MEDIUM | HtmlSanitizer has a bypass via template tag | EPSS 0.2%
CVE-2026-26952 | MEDIUM | Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute | EPSS 0.2%
CVE-2025-47280 | LOW | Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow | EPSS 0.2%
CVE-2026-40568 | HIGH | FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization | EPSS 0.2%
CVE-2026-47188 | LOW | Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions. | EPSS 0.2%
CVE-2026-47175 | LOW | Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings | EPSS 0.2%
CVE-2025-63785 | MEDIUM | A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerabil | EPSS 0.2%
CVE-2026-33628 | MEDIUM | Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items | EPSS 0.2%
CVE-2026-46496 | CRITICAL | HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft | EPSS 0.2%
CVE-2026-28348 | MEDIUM | lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes | EPSS 0.2%
CVE-2026-27016 | MEDIUM | LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags() | EPSS 0.2%