CWE-116 flaws

279 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2019-9852 | | Insufficient URL encoding flaw in allowed script location check | 1.9% |
| CVE-2024-46901 | LOW | Apache Subversion: mod_dav_svn denial-of-service via control characters in paths | 1.9% |
| CVE-2025-34141 | MEDIUM | ETQ Reliance CG < SE.2025.1 Reflected XSS in `SQLConverterServlet` | 1.9% |
| CVE-2020-13654 | HIGH | XWiki Platform before 12.8 mishandles escaping in the property displayer. | 1.9% |
| CVE-2023-45135 | CRITICAL | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | 1.7% |
| CVE-2021-34630 | MEDIUM | Reflected XSS in GTranslate Pro and GTranslate Enterprise < 2.8.65 | 1.6% |
| CVE-2023-45539 | HIGH | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unsp | 1.5% |
| CVE-2020-26283 | MEDIUM | Control character injection in console output | 1.5% |
| CVE-2021-42010 | CRITICAL | CRLF log injection | 1.5% |
| CVE-2024-31866 | CRITICAL | Apache Zeppelin: Interpreter download command does not escape malicious code injection | 1.4% |
| CVE-2020-26226 | HIGH | Secret disclosure in semantic-release | 1.4% |
| CVE-2021-32679 | LOW | Filenames not escaped by default in controllers using DownloadResponse | 1.4% |
| CVE-2021-32796 | MEDIUM | Misinterpretation of malicious XML input in xmldom | 1.3% |
| CVE-2022-22744 | HIGH | The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to co | 1.3% |
| CVE-2021-41191 | HIGH | API giving out files without key | 1.3% |
| CVE-2022-23079 | | motoradmin - host header Injection in the reset password functionality | 1.3% |
| CVE-2022-29251 | HIGH | Cross-site Scripting in the Flamingo theme manager | 1.3% |
| CVE-2024-45498 | HIGH | Apache Airflow: Command Injection in an example DAG | 1.2% |
| CVE-2024-45219 | HIGH | Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure | 1.2% |
| CVE-2021-39170 | HIGH | Improper Encoding or Escaping of Output in Asset Metadata Component | 1.2% |