CWE-116 vulnerabilities

285 results
CVE-2025-24338 | HIGH | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) att | EPSS 0.3%
CVE-2025-8276 | MEDIUM | HTML Injection in Patika Global Technologies' HumanSuite | EPSS 0.3%
CVE-2026-12048 | CRITICAL | pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser | EPSS 0.3%
CVE-2023-28362 | MEDIUM | The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in th | EPSS 0.3%
CVE-2023-4393 | MEDIUM | HTML and SMTP Injection in LiquidFiles | EPSS 0.3%
CVE-2025-55903 | HIGH | A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field with | EPSS 0.3%
CVE-2026-28907 | HIGH | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadO | EPSS 0.3%
CVE-2025-27109 | HIGH | Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js | EPSS 0.3%
CVE-2025-11085 | HIGH | FactoryTalk® DataMosaix™ Private Cloud – Persistent XSS | EPSS 0.3%
CVE-2024-47531 | MEDIUM | Scout contains insufficient output escaping of attachment names | EPSS 0.3%
CVE-2026-32811 | HIGH | Heimdall: Path received via Envoy gRPC corrupted when containing query string | EPSS 0.3%
CVE-2026-35208 | MEDIUM | lichess.org has an Unsanitized Stream Title Injection on /streamer | EPSS 0.3%
CVE-2026-35569 | HIGH | ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS | EPSS 0.3%
CVE-2025-25029 | MEDIUM | IBM Security Guardium information disclosure | EPSS 0.3%
CVE-2026-26953 | MEDIUM | Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table | EPSS 0.3%
CVE-2025-12697 | LOW | Improper Encoding or Escaping of Output in GitLab | EPSS 0.3%
CVE-2026-33941 | HIGH | Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options | EPSS 0.3%
CVE-2024-9427 | MEDIUM | Koji: escape html tag characters in the query string | EPSS 0.3%
CVE-2023-45359 | MEDIUM | An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is | EPSS 0.3%
CVE-2025-32974 | CRITICAL | org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type | EPSS 0.3%