Weaknesses of type CWE-116

285 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2023-40014 | MEDIUM | OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender | 0.6% |
| CVE-2023-24480 | CRITICAL | Controller stack overflow when decoding messages from the server | 0.6% |
| CVE-2024-34355 | LOW | TYPO3 vulnerable to an HTML Injection in the History Module | 0.6% |
| CVE-2023-42183 | MEDIUM | lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restr | 0.6% |
| CVE-2024-34510 | HIGH | Gradio before 4.20 allows credential leakage on Windows. | 0.6% |
| CVE-2025-1795 | LOW | Mishandling of comma during folding and unicode-encoding of email headers | 0.6% |
| CVE-2026-34481 | MEDIUM | Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout | 0.6% |
| CVE-2022-28284 | HIGH | SVG's `<use>` element could have been used to load unexpected content that could have executed script in certain circumstan | 0.5% |
| CVE-2024-56524 | CRITICAL | Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special charac | 0.5% |
| CVE-2026-34479 | MEDIUM | Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters | 0.5% |
| CVE-2026-20136 | MEDIUM | Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability | 0.5% |
| CVE-2020-29023 | LOW | CSV Formula Injection possible due to improper fields escaping in GateManager | 0.5% |
| CVE-2026-32754 | CRITICAL | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) | 0.5% |
| CVE-2023-3190 | LOW | Improper Encoding or Escaping of Output in nilsteampassnet/teampass | 0.5% |
| CVE-2023-29543 | HIGH | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vect | 0.5% |
| CVE-2026-12044 | HIGH | pgAdmin 4: SQL injection in COMMENT ON ... IS '<description>' rendering across dialog templates | 0.5% |
| CVE-2026-44588 | CRITICAL | SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS | 0.5% |
| CVE-2026-40023 | MEDIUM | Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters | 0.5% |
| CVE-2024-52005 | HIGH | The sideband payload is passed unfiltered to the terminal in git | 0.5% |
| CVE-2022-43543 | MEDIUM | KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control | 0.5% |