CWE-116 vulnerabilities
285 results

CVE-2026-43939 | HIGH | YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers | EPSS 0.2%
CVE-2026-44458 | MEDIUM | Hono: CSS Declaration Injection via Style Object Values in JSX SSR | EPSS 0.2%
CVE-2025-61084 | HIGH | MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. | EPSS 0.2%
CVE-2026-41318 | MEDIUM | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | EPSS 0.2%
CVE-2026-44311 | MEDIUM | Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization | EPSS 0.2%
CVE-2026-28898 | MEDIUM | swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the transla | EPSS 0.2%
CVE-2026-26027 | HIGH | GLPI has an Unauthenticated Stored XSS via inventory | EPSS 0.2%
CVE-2024-34739 | HIGH | In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the c | EPSS 0.2%
CVE-2026-2404 | MEDIUM | CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters t | EPSS 0.2%
CVE-2026-54287 | MEDIUM | Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice | EPSS 0.2%
CVE-2025-32074 | MEDIUM | XSSes in Extension:ConfirmAccount | EPSS 0.2%
CVE-2026-31859 | MEDIUM | Craft has Reflective XSS via incomplete return URL sanitization | EPSS 0.2%
CVE-2026-27512 | MEDIUM | Tenda F3 Reflected Script Execution via Missing nosniff Header | EPSS 0.2%
CVE-2025-46703 | MEDIUM | Potential XSS in Extension:AtMentions | EPSS 0.2%
CVE-2025-48007 | MEDIUM | Potential XSS in Extension:BlueSpiceAvatars | EPSS 0.2%
CVE-2026-33657 | MEDIUM | EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field | EPSS 0.2%
CVE-2025-66488 | MEDIUM | Discourse allows script execution in uploaded HTML/XML files on S3 | EPSS 0.2%
CVE-2026-54013 | HIGH | Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI | EPSS 0.2%
CVE-2025-0607 | MEDIUM | HTML Injection in Logo Software's Logo Cloud | EPSS 0.2%
CVE-2026-24439 | LOW | Tenda W30E V2 Lacks X-Content-Type-Options Header | EPSS 0.2%