Weaknesses of type CWE-116
285 results

CVE-2025-8405 | HIGH | Improper Encoding or Escaping of Output in GitLab | EPSS 0.5%
CVE-2024-22199 | CRITICAL | Django Template Engine Vulnerable to XSS | EPSS 0.5%
CVE-2022-41322 | HIGH | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user m | EPSS 0.5%
CVE-2024-9348 | HIGH | Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view | EPSS 0.5%
CVE-2025-59158 | CRITICAL | Coolify has Stored XSS in Project Name | EPSS 0.5%
CVE-2023-3552 | HIGH | Improper Encoding or Escaping of Output in nilsteampassnet/teampass | EPSS 0.5%
CVE-2023-5654 | MEDIUM | The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script tha | EPSS 0.5%
CVE-2021-25254 | HIGH | Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. | EPSS 0.5%
CVE-2026-34483 | HIGH | Apache Tomcat: Incomplete escaping of JSON access logs | EPSS 0.5%
CVE-2026-24737 | HIGH | jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution | EPSS 0.5%
CVE-2023-39527 | HIGH | PrestaShop XSS vulnerability through Validate::isCleanHTML method | EPSS 0.4%
CVE-2026-33301 | HIGH | OpenEMR has arbitrary image file read via PDF generator | EPSS 0.4%
CVE-2024-35225 | CRITICAL | Jupyter Server Proxy has a reflected XSS issue in host parameter | EPSS 0.4%
CVE-2026-54699 | HIGH | Warp: OS command injection when opening terminal links from WSL | EPSS 0.4%
CVE-2024-4177 | HIGH | Host whitelist parser issue in GravityZone Console On-Premise (VA-11554) | EPSS 0.4%
CVE-2022-43713 | — | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form valid | EPSS 0.4%
CVE-2026-42810 | CRITICAL | Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names | EPSS 0.4%
CVE-2023-32301 | LOW | Discourse's canonical url not being used for topic embeddings | EPSS 0.4%
CVE-2021-47694 | MEDIUM | Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command | EPSS 0.4%
CVE-2025-61912 | MEDIUM | python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination | EPSS 0.4%